Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 7 June, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Changing the Game when it comes to Cyber

By Alexander Lewis, Principal Security Consultant, Softcat

by Beth Smith
October 12, 2020
in Insight
Alexander Lewis - Insight promo picture
Share on FacebookShare on Twitter

Dramatic music fades in, there’s a man in a hoody in a poorly lit room sat in front of his desk, lines of green letters and numbers move horizontally across his laptop screen. ‘I’m In’ he says triumphantly, as he folds up his laptop and walks off stage left.

Isn’t it time we took back control of the cyber narrative? The above scene is common place in film, cinema, adverts and more, and are usually accompanied by statements like “its not if, but when”, “don’t be next” and “they’re coming for you”.

Could you imagine if we followed this narrative for health and safety? “slips are everywhere”, “don’t be next to fall off the wrong type of ladder” and “the workplace is out to get you”. No one would want to do their job!

Whilst the risks are real, and threats exist and breaches happen, this narrative doesn’t support the right behaviours when it comes to cyber. Much like health and safety, the best approach is to make as safe and secure an environment as possible, whilst being prepared that something might still go wrong. “But how do I do it?” I hear you cry; despite the fact your browser doesn’t have ears and can’t hear you…

As Softcat’s Principal Security Consultant I’ve worked with organisations big and small to help them answer that question. I’ll share some insights below:

  1. Understand Today.

Look at your organisation wholly, both internally (currently technology, people and controls) and externally (threats, risks and landscape). This latter part is more often neglected in the name of the internal optimisation, which whilst important, may not be the right first step.

Think about two buckets: threats that are common, and threats that are likely. Understand where various threat actors and attack scenarios sit, and put them into one or more of these buckets. If you work in a kitchen, drowning isn’t probably a common or likely risk, but pan fires are. If you run a swimming pool, the opposite is true. Another parallel cyber has with health and safety.

  1. Understand your Goals

Whilst I’d love to say everyone has a bottomless budget when it comes to cyber, that simply isn’t the case, and the next step is to look at what an achievable goal in cyber is for you. Whether its certification based, policy driven or none of the above, what do you need in place, so you can drive your business forward knowing cyber is under control.

  1. Create a tangible plan.

Now we know 1, and we know 2, all that is left is to work out the route forward. Be realistic with this, if you can only resource 3 projects, don’t build a programme that tries to achieve 7. Understand the speed you can run at and start working.

  1. Have Cyber ‘first aiders’

Much like health and safety, stuff still could go wrong, and if it does, you’ll need people and processes in place that you can rely on. Having a well-established incident response process, and whether using in house resource or a service provider, gives you a ‘break glass’ solution should the worst happen, especially if the incident falls outside of your common and likely risks.

There’s a lot more that can be done here, but fundamentally cyber isn’t the monster under the bed, or the hoodlum lurking in the dark. It’s a business risk like any other, and with the right focus, mindset, and approach, can be brought to heel like anything else. So let’s change the narrative, and stop feeling out of control, lets illuminate the darkness and remove our hoodies, and let’s not use programmes that use horizontal random green lines of text, it’s 2020 man. Get a GUI.

Alexander is a finalist in the Security Serious Unsung Heroes Awards 2020, sponsored by KnowBe4, Proviti, and Qualys 

FacebookTweetLinkedIn
ShareTweet
Previous Post

Customer records stolen in Chowbus data breach

Next Post

A Godperson of Security?

Recent News

large open office, bright.

Employees Feel 10 Times Calmer in an Environmentally Friendly Office Space

June 7, 2023
Blue Logo OUTPOST24

Outpost24 Acquires EASM Provider Sweepatic

June 7, 2023
Standard post, logos of brands, headshot.

J Brand: The Challenges of Putting Mental Health First in an Unfamiliar Industry

June 6, 2023
iPad with Anxiety written on it in capitals.

Half of UK Employees Suffer From “Sunday Scaries”

June 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information