2022 Cyber observations and organisational implications for Company Directors



This year I have met and presented to a range of organisations on how to create a Cyber strategy.


All of these organisations have existing vendors and Cyber technologies in place. They have been committed to and remained focused on their Cyber landscape. Still, their conclusion after the presentation is that their organisation lacks Cyber maturity, and that their current efforts are not all-encompassing and are likely to result in vulnerabilities and non-adherence to the new Australian Director's Standards.


Why?


The market maturity of service providers and the Cyber budget available are compromising Cyber security. It is evident when I am presenting to Executives and Company Directors that there is a need for a Cyber strategy beyond their existing Cyber technologies. Applying an internationally recognised approach from world-leading CISOs who teach at Harvard prompts these organisations to consider their:


  • Goal of information security - how a balance is being achieved between availability, integrity and confidentiality.


  • Threats that could be unintentional or malicious arising externally or internally.


  • Three primary risk areas – Business Operations, Reputation, and Legal and Compliance.


  • Technology management of their Firewall, Antivirus, Intrusion Prevention and Detection, and Email. The actual technologies within these are broad and should overlap (they often don’t, resulting in vulnerabilities).


  • Critical Systems identified in achieving their Business, Mission and Safety objectives, with the failure consequences of each understood.


  • Organisational standards assessed and uplifted using a framework such as NIST to Identify, Protect, Detect, Respond and Recover; with objectives understood.


What do these organisations decide to do?


They decide to step back and develop these four elements for Cyber: a Vision, clear Strategic Goals, measurable Objectives within the Strategic Goals, and an Action Plan with near-, mid- and long-term horizons.


Want to learn more?


I have a standard 30-minute presentation that I can share remotely with your executive team. Feel free to make contact.