Is your Approach to Cyber Security Limited to a Checklist?
I meet with CIOs and CISOs weekly to discuss their approach to cybersecurity. I often find that IT leadership takes comfort in the knowledge that they are working from an established industry framework (such as the NIST Cybersecurity Framework). This gives them a sense of security, a feeling that they are in the safe zone.
Working from an established framework can be a good starting point for executing a cybersecurity programme. The NIST Cybersecurity Framework and ISO/IEC 27001 are robust and a sensible place to begin.
Problems with a checklist approach to cyber security
A checklist approach to security can lead companies to invest in point solutions in isolation, ticking off controls without a clear view of what they are protecting, or what they are protecting it against. A completed checklist tells you that a control exists; it does not tell you whether that control addresses the risks that matter most to your business.
Security maturity requires a company to think carefully about the business it is in and the level of security that business actually needs. Organisations should draw on frameworks and best practice, but not at the expense of their own unique risk profile.
Whilst a checklist can provide guidance on how to approach your cybersecurity strategy, it is not an umbrella solution that suits every organisation. What your organisation requires is an approach tailored to the needs of your business, one with a flexibility that a checklist does not provide.
Evolving your cyber security approach
As the cyber landscape inevitably continues to evolve, so too must your cyber approach. A combination of long-standing threats, such as ransomware, and new attack surfaces, such as the internet of things, will come into play, creating additional complexity for CISOs and other C-suite executives to prepare for.
To retain this flexibility, make sure your organisation's approach to cybersecurity is driven by your organisational requirements, not by a checklist you found in an article on Google.
What is your approach to cybersecurity? Are you following a checklist, or is it bespoke and suited to your firm?