By Chirag Joshi, Founder and CISO at 7 Rules Cyber
Keeping up with cyber security trends is vital, but organisations must get the fundamentals right as they shore up defences against evolving cyber threats.
A prudent first step is to develop a strong understanding of the key information assets, systems and suppliers that support the organisation’s business objectives. Protection of these elements takes priority in terms of cyber security efforts.
The next step is to understand the threats that are most relevant to the business. For example, financial services organisations would be more concerned about protecting against fraud and scams, while energy companies might prioritise the security of their Operational Technology (OT) systems to ensure human safety, and universities might be looking at protecting their critical research.
Developing a strong understanding of the business and its relevant threats will allow organisations to identify the key security controls that offer them the most bang for their buck. Industry-leading frameworks such as the NIST Cyber Security Framework can be leveraged to develop a holistic approach to security controls without making everything about tools and technologies.
Embedding cyber security risks into existing organisational risk practices will allow for meaningful executive engagement and a sensible approach that is based on risk appetite. After all, cyber security is fundamentally a risk management exercise.
Finally, the human factor in cyber security is absolutely critical. A strong cyber-aware culture will enable organisations to protect themselves against a vast majority of cyber attacks which still start with social engineering vectors. Advances in AI have only reinforced the importance of critical thinking and human factors to combat sophisticated scams, deepfakes, and similar attacks.
About the Author:
Chirag D. Joshi is a multi-award-winning CISO based in Australia, with global experience across industries such as financial services, government, energy, healthcare, higher education and consulting. The author of two best-selling books, “7 Rules to Influence Behaviour and Win at Cyber Security Awareness” and “7 Rules to Become Exceptional at Cyber Security”, Chirag is a respected keynote speaker and cybersecurity advisor.