Top ten cyber security essentials for the digital business
With Philip Hammond’s announcement of the UK’s National Cyber Security strategy yesterday, we thought we’d share a few tips on how you can secure your digital business. It’s clear that this is an issue that we all need to get behind, but knowing what to do is not the same as knowing how to do it…
1. Do the basics right. Upgrading infrastructure and patching known vulnerabilities will undermine the ability of cybercriminals to use those assets to carry out their campaigns. Enforce basic cyber security measures. Take the time to explain to users why things are done this way and they’ll be less likely to buck the system and leave the door open for attackers.
2. Have a security vision that allows you to naturally defend what’s important. Move away from thinking about security as a collection of capabilities. Ask: what, why and where are our critical assets, physical and digital? How are we going to protect them?
3. Classify your data. Every organisation needs to rate all its documents, images, content and data according to, for example, sensitivity, or geography. Unmarked data is hard to police.
4. Get visibility of your network activity. Use data analytics to monitor the environment and identify anomalies that could be fraudulent or malicious behaviour. What’s normal or abnormal? When do you bring in the experts? You can only make those decisions if you have the right data and the right level of vigilance.
5. Consider a greenfield site for digital innovation. There is a case for starting digital projects in the cloud from the beginning, to avoid any transition/contamination from the legacy infrastructure. Such an approach offers the advantage of inbuilt cloud security services, as well as the intrinsic flexibility of a cloud environment.
6. Be on the right track from the start. Cyber security is like accounting — there are well established ways of doing things, and for good reasons. And if you get the simple things right, you’ll be better prepared for more complex issues.
7. Accept that your security will be compromised. In the early days of cyber security the focus was 90 per cent protection and ten per cent recovery. We now know that a better balance is 50-50, with more emphasis on how the organisation manages and responds to incidents.
8. Find measures that everyone can understand. Time to detection is a good measure of your security capabilities (Cisco’s time to detection is 13 hours, compared with six months for the average organisation).
9. Lean on security partners. Digital businesses must learn to lean on others, because whatever you can do alone, it’s not going to be enough. Cyber security is no different from any other specialist business function, like finance or law. Bring in experts when you need them.
10. Secure your supply chain. Most large organisations have smaller businesses in their supply chain. Big business has a big role to play in helping downstream suppliers defend themselves and their trading partners.
To find out more, read our joint white paper with BT ‘Full speed ahead: how cyber security enables the digital business’.
Tags:
