This is not meant to be an essay, but simply a rapid-fire view of things that I see that are major challenges with digital security in today’s age. So, without any further delay let us hit it:

  1. It is not included in the plan. From business to programme to project, most people simply do not realise that they have to plan for these things. Why is that? I think that is for a world of reasons: partially ignorance, partially huge assumptions that these things are someone else’s problem and that they should surely all be taken care of, right? (think cloud).
  2. How much? Yes, you guessed it: tightly linked to planning for security (or more like the lack of it), here comes another huge problem. Often there are not the resources for it! Without the plan, there are not sufficient or adequate financial resources. This then creates the question, “who is going to pay for all this?”
  3. Our team just handle that…don’t they? Again, assumptions, as we all know, “make an ASS out of U and ME”. So often I find that people just assume that IT support analyst X or developer Y will simply build and bake security into all the things, but no one ever bothered to check!
  4. We are not big enough to be a target? Sure, you might not be, but when was the last time you did research on cyber crime to look at what organisations are impacted? Well, if you have said the first statement, you either have not or you are reading the wrong intel. Everyone is a target because so much of this is opportunistic.
  5. It is just the technology, isn’t it? WRONG. If you think that a bit of code or a blinky box will solve your problems, then you should go and explore the world of cyber a little more, my friends. We have all kinds of areas to consider, from legal, regulatory, contractual, human, policy, process, risk, governance, compliance, financial, insurance, physical security, backup and recovery, availability etc. Digital security management covers a broad range of areas and likely touches and interfaces with every part of your business.

So here we have just 5 out of many business challenges we face on a daily basis. As a business owner I too have these challenges, as a consultant even more so. It is a myth to think that security is a technical-only practice and that you can simply ‘buy’ security. Secure digital services require you to invest time, effort, and resources in ensuring your business, customers and people are safe, secure and their privacy is protected.

So next time you have a board meeting, check and see if you are managing cyber risk at an organisational level, but also think about how you can validate any assumptions or statements made. I bet you can find quite a few gaps. I will give you a likely one to start with for free – when was the last time you practised your incident response process with a real-life simulation? If the answer is not relatively recently, you probably want to get your cyber planning hat on! Stay safe, stay secure and may the force be with you!

