Questions every Business should consider in a Cyber Security Plan

Work with experts to draw up cyber security readiness, response and remediation plans for the organization.

• Do we have the Right Process to secure our Critical Data? A responsibility assignment matrix (covering who in the organization and third-party partners is responsible/accountable/need to be consulted/need to be informed) is a must in case of a cyber breach? Who’s responsible for fronting the media, for contacting customers, for investigating the breach, for contacting third party suppliers, for contacting legal and so on? Who is accountable and is ensuring that all these processes are correct, thorough and executed flawlessly? Who should be consulted in the event of a breach is? How have recent breaches been managed? Who needs to be informed – who are the stakeholders that you have to keep informed of progress and next steps?

• Is your Supply Chain Secure? For instance, automotive manufacturers have begun to take the threat of cyber breaches more seriously, and are looking at how their third party parts suppliers are aligning to their security own policies. This is to ensure that the sensors, systems, and other data-linked parts that make up an automobile cannot be easily hacked. Extend this concern into other manufacturing segments (e.g. aircraft supply chain) and the threat dynamic gets alarmingly. Take a closer look at external third party possession of key customer data, and how it is being used.

Takeaways:

Enterprises must seek to:

• Transform the behaviour of all stakeholders. Not all data is equally precious, and enterprises should spend greater focus on prioritizing threats that are relevant to individual business operations and their most critical assets. A cavalier employee or third party attitude to security will render an ironclad plan ineffectual. Organizations must transform internal and external behaviours to tighten their security posture.

• Transform its security posture. Enterprises must transform from being reactive and tactical to being strategic, preventative, and proactive instead. Consult your managed security service provider about advanced MSS capabilities, such as incident response management and predictive forensics.

• Defend against attacks with a cyber security ecosystem. Look at the breath of joint partnerships between telcos/SIs and security vendors (such as IBM, HPE and so on) – and understand how these combine to provide security benefits. These should not obfuscate a security agenda that misses the forest for the trees.