Three Cyber Security questions that flummox 95% of businesses
These days there is generally a high degree of awareness about cyber security within most businesses. Largely thanks to several high-profile breaches and rising government regulation, cyber security is often discussed at levels within large companies. However, despite this upward trend there are several questions that have been found to stump the vast majority of those responsible for security, when they speak with the leadership. Here, the 2-sec team discuss three of the most common:
1. “What is our cyber security strategy?”
Over the last year an increasing number of IT Directors and CISOs have found this question coming up more and more. The question is difficult because although there may be a series of ISMS improvement projects underway, under the umbrella of a security programme, both can be largely focused on bringing the security of an organisation up to the point where it should already be. Increasingly, organisations are thinking about what their security posture is, often in relation to business growth targets. 2-sec has met with clients from pre-IPO through to large corporates who are having to think about how cyber security will enable their business to grow, not just to avoid breaches.
2. “Where is our data?”
One of the most challenging aspects of any business’ approach to data protection is understanding where their data is at any given time. Considering that most companies don’t think twice before taking on new applications, and rarely interrogate exactly where and how associated data will be stored, it’s an increasingly difficult question to answer.
The data location problem is compounded by the increasing reliance on the cloud. Whilst the cloud is an incredibly efficient way of doing business for most firms, many medium sized cloud providers will often use smaller providers for certain services, and with that in mind your digital supply chain for cloud solutions could include dozens of firms, each holding your data. Unless you know which company holds which part of your data, and how secure they are, this is a difficult question to answer
3. “Are we secure?”
Over the last year, 2-sec has met with many security leads who are asked this question, and struggle to answer. The struggle is not because the person answering doesn’t understand security, it’s because the answer could include reference to firewall activity, staff training, competitor incidents, risk registers, equipment updates or many other threat vectors, both internal and external.
Usually the person asking this question is a senior executive who is looking for a one sentence (possibly one word) response. In a situation like this, there is a science to giving a convincing answer that highlights the difficulty an organisation faces in operating securely, relative to the risk the organization is prepared to accept. Conveying that answer can be tricky, depending on an individual’s experience with senior executives, and any answer could lead to further questions and possibly an increase, or decrease, in support.
2-sec has worked with many organisations to help them build long-lasting, secure solutions to all of the points featured here. Our advisors are experts in their fields, many with 15+ years’ experience in cyber security. We can help your company to overcome it’s security challenges, whether that is finding answers or helping to ask the right questions. For more information, please contact us here.
2-sec is a leading provider of security consulting services. These include penetration testing, PCI DSS, Cyber Essentials, PA DSS, virtual CISO and training & awareness.