Cyber security should always be a top priority
by Raymund Taylan, Senior Security Advisor
3 March 2021
Let’s not wait until we get hit by a major cyber attack and suffer from a data breach
“Boards of directors are only prepared to fund the bare minimum to meet requirements for compliance and protection.” This is one of the findings that surfaced in Trend Micro’s latest study where 44% of respondents revealed that their board of directors is not very engaged in security decisions and strategies necessary to maintain a strong security posture that protects against data breaches and cyber attacks.
However, in the UK’s NCSC cyber security and resilience principles, presented in the Cyber Assessment Framework (CAF v3.0), boards are advised to be highly engaged and should be the driver in supporting the security of network and information systems to (a) maintain and improve cyber resiliency and (b) support the operations of essential functions in an organisation.
We can never be good enough in preventing cyber criminals’ attacks if…
If your organisation keeps cyber security at the bare minimum and doesn’t make cyber security technology and processes a top priority, your efforts will never be enough to ward off cyber criminals.
Cyber threats are evolving continuously. If a majority of organisations remain complacent and fund cyber security projects and initiatives just for compliance’s sake, then let’s say hello and welcome to the threat actors who are ready to attack anytime as these actions only help them to easily penetrate weak defences.
Take a step back and review your cyber security resilience
To manage this continuous evolution of cyber threats and constantly operate despite adverse cyber events, regular risk assessments must be performed on each department. This will help to quickly identify the key assets and services that must be protected in an organisation.
Improved business and security alignment is expected once cyber resilience reviews (CRR) become a regular task in your organisation. With the help of a cyber resilience review, this can be used by your board of directors to increase cyber security engagement and spot where to focus the organisation’s resources to keep the business resilient against cyber attacks.