There is no single accepted definition of cybersecurity. However, there is consensus on three major principles:
- Confidentiality – ensuring that information is only accessible to those with a genuine need.
- Availability – ensuring information is available when needed.
- Integrity – ensuring information has not been altered from its last validated state.
Organisations need to be prepared to fail
Cybersecurity is an infinite game – good guys need to be good and lucky all the time; bad guys can be rubbish but only need to be lucky occasionally.
No plan of battle ever survived contact with the enemy, but failing to plan is planning to fail. Make your plans for coping with disruption, engage expert help and practise, practise and practise again.
People are the key
No organisational change will succeed without the committed engagement and involvement of people at all levels. There is no single owner of cybersecurity risk as it is a systemic risk to all organisations.
Not everyone needs to be an expert, but everyone does need to know and play their role and not fluff their lines when the stuff hits the fan.
Take small steps
The history of IT is littered with the corpses of failed, overly ambitious programmes. Be realistic about what can be achieved and prioritise actions that will have the greatest effect for the greatest number of people. Plan for incremental changes where possible. Engage specialist suppliers to do what they are best at – nobody has all the answers or all the solutions.
Share your experiences
Skills are in high demand and short supply. Share your experiences with your peers in your supply chain, along with other organisations. Together we can protect each other better than acting alone.
Join groups, talk to colleagues, listen to experts and become part of the solution.
In this learning session, cybersecurity expert Oscar O’Connor gives a high-level overview of why cybersecurity must be integrated into the corporate governance and risk management regime.
There is no magic technological bullet that will remove all cybersecurity risks. For organisations to be 100% secure is an impossible fantasy. However, eliminating 95% or more of the risk is achievable for organisations of every size.
Oscar O’Connor has been helping companies make sense of cybersecurity for more than 20 years.