One of the biggest misconceptions in cybersecurity is to equate buying products and services with having a sound cybersecurity strategy, and to draw a bulletproof level of confidence from that. Yet most of Australia’s ASX 20 organisations, including the big four banks, financial services firms, capital markets and of course the government sector, are far from bulletproof.
Look back over the last couple of years and months: recent hacks have compromised genuinely sensitive details such as payroll information, user personality tests, medical records, performance reviews, drivers’ licences and personal addresses. As you would expect, organisations at this tier spend millions on prevention, yet they still carry an enormous amount of cybersecurity risk and still get breached. Why?
People often talk about ‘people’ being the weakest link in the cybersecurity chain. I disagree. People are not the weakest link if they are used correctly. IT teams see users as liabilities, yet they do very little to empower and educate them, or to create recurring moments in which a user who sees or feels that something is wrong will challenge the situation. In most cases an attack succeeds in less than two hours through a targeted approach to an individual: the attacker creates a sense of pressure or discomfort that makes the user want “more information”, and then gets the user to take the one action that causes the breach.
Using and complying with ISO standards is a good starting point, but on its own it is not enough.
The number one tactic many organisations build their cybersecurity strategy around is ISO compliance: making sure they follow the “frameworks and industry best practices to prevent attacks”. It does not seem to do much. Having policies, documentation, standards and processes on paper means nothing by itself. Attacks are real, and organisations are doing exactly what each other are doing: following one another in what I call “mob mentality”. Organisations should instead place themselves in their own dedicated cybersecurity tier and develop specific strategies that align with their core business challenges.
Sometimes the best tactic for developing a winning cybersecurity strategy is to keep the technology minimal and simple, with no flashing lights.
About the author: