In my last article I wrote about the importance of companies adopting the governments cyber essentials scheme. This was aimed at organisation that were starting a security programme. For those that are more mature I wanted to focus on some key security principles that should be considered in your cyber strategy for 2020.
Cyber Training. There is continued growing evidence that training your staff on cyber security can have a real effect on reducing the risk to your organisation. Cyber risks won’t be solved by technology alone. The human side of the equation is vitally important. The large majority of attacks continue to be delivered via email. Users should be confident in identifying and reporting suspicious emails as well as be aware of how to handle and transfer sensitive information. Training platforms are evolving as well with intelligent software platforms that learns how individuals learn and personalises the experience to each person automatically. The personalised experience is based on their attitudes, confidence, knowledge and behaviour. These platforms are also now directed towards SME’s as well as corporate companies. Regulated sectors such as Banking, Financial and legal have seen a bigger adoption with sectors such as Construction and Manufacturing also adopting security awareness programmes.
Threat Intelligence provides organisations with an understanding of hacker’s techniques that could be used against an organisation. It is often a misconception that hackers need to run advanced techniques against organisations to compromise them. The reality is that many hacks are preventable. If only the organisation had identified the vulnerability and simply addressed, it. We witnessed this regularly in 2019 across our new customers that we onboarded. There is often a weak understanding of their vulnerabilities that our publicly visible. It remains one of the most effective controls you can implement in your security programme.
Asset Management is acknowledged as the foundation of any security programme. Essentially you can’t protect what you don’t know. However, what we are seeing is the convergence of more and more systems connected to company networks that the company has no visibility of. This can be anything from CCTV to vending machines and in one recent case a coffee machine. The internet of things (IOT) will allow an ever more connected business for the better. But organisations should have a real time view of their network and be able to identify any unauthorised devices connecting onto their network.
Context is always important, and these principles can have different priorities dependent on the organisations size and structure. But it’s also worth companies considering their growth plan and ensuring as they grow these security principles are embedded. Trying to apply these retrospectively can be considerably more expensive and resource heavy than adopting at an early stage.
We wish you a secure 2020 from the team at MA Consulting Ltd and we remain available for any support your company may require.
For more information
visit www.macyberuk.com or contact firstname.lastname@example.org
Interim CISO / Security Consultant / Board Advisor
Mo Ahddoud is the managing director of MA Consulting Ltd a cyber security consultancy focussed on helping companies protect themselves against cyber threats.
He is a security expert who last served as the Chief Information Security Officer at SGN, which manages and operates over 74,000 km of gas mains and services in Scotland and the south of England. Prior to coming to SGN, Mo acted as the International IT Security Lead at NBC Universal. His professional history also includes leading companies like IBM, BAE Systems, and a ten-year tenure as an officer in the British Army. His depth and variety of experience across public and private sectors gives him a unique insight into all angles of cybersecurity