For IT professionals with cyber security as their mandate, the job duties are clear: protect the enterprise and keep the business running. How that plays out depends on the sector. Manufacturers worry about supply chain disruptions. Tech companies are concerned about intellectual property theft. Banks are on the alert for ransomware attacks.
It’s natural to take an industry-specific approach to cyber. But it’s important to remember that cyber threats fall into common categories across sectors. Getting a clear picture of the threat environment requires accessing advanced intelligence and insights that you may not have handy without the right tools, policies, and public-private relationships. Such data and people-to-people connections are important in making decisions regarding threat characterization, equipment purchases, and staff training.
As the CIO at Draper and a Brigade Commander in the New Hampshire National Guard, I have seen the benefits of cyber threat preparation in business, government, and the military. Cyber resiliency, most agree, is never 100 percent assured. The threat environment keeps us on our toes. Proper preparation can enable your enterprise to do what the Defense Department calls for: defend forward.
In the early days of the internet, cyber threat prevention and mitigation were left largely to IT. Now cyber resiliency is emerging as a top management concern. Recently, the “Hiscox Cyber Readiness Report 2022,” which assesses how prepared businesses are to fight back against cyber incidents and breaches, reported that in seven out of eight countries, cyber threats are now seen as the biggest risk to business—ahead of the pandemic, economic downturn, skills shortages, and other issues.
IT professionals don’t like surprises. And cyber threats are becoming an all-too-common surprise. The following are the top questions management asks IT professionals regarding cyber, and my advice for you on taking action.
How can we keep employees cyber-compliant?
Strengthen staff training and raise your cyber awareness: that’s my short answer. Invest in your people.