Organisations of all sizes require a current cyber security strategy. A good cyber security strategy will help you to focus on what is important, decide what funds are needed, give you the definition of success, can be measured and helps all involved to work towards a shared goal.
When undertaking security strategic planning, often a holistic view of security risks is taken resulting in a broad range of projects to be delivered over 2-3 years. But are these truly your immediate priorities? What if we took a different approach? What if we asked the business to tell us the worst thing that could happen if they were hacked and used their answer to create a cyber incident scenario? The scenario could relate to system availability, corrupted or exposed data or loss of licences to trade. Run this scenario as a drill against your Incident Response Plan (assuming your organisation has a plan – and if not…incident response would be the first item for your strategy). The outcomes of the drill can inform the security strategy for the next twelve months. What else could be a higher priority than addressing your organisation’s worse-case scenario?
Stay with me while I explain.
An incident response drill will help you understand if you could detect the signs of an incident, if you could prevent the impact to your systems, and where you need to improve the way you manage the response to future incidents. Furthermore, you can assess the impact on customers, products, and services, remembering to include business representatives in the drill scenario as decision makers.
An incident response-led security strategy would ensure you are aligned with your business’s objectives. The security projects identified will reflect the areas that most need attention in relation to cyber risk such as third parties, governance, monitoring or alerting, data, general security hygiene or legal/regulatory/privacy obligations. The list goes on. The point is, having a drill will not only strengthen your ability to respond to an incident, it will also raise gaps in your ability to detect, prevent, and bounce back should an attack be successful against your critical assets – as identified by the business. The drill outcomes will provide support to your business case as you can better justify the technology, resources or services needed to address key business risks after testing your ability to protect your critical assets.
Once you have identified the areas to be addressed, a drill every 6 months will help in measuring that your strategy is bringing you closer to both prevention and resilience.
Every security strategy must be aligned with business goals and must be based on necessity. Too many organisations spend finite resources addressing security problems that are not the highest priority. When you approach the next round of strategic planning, could your organisation benefit from an incident response led security strategy?