Tackling cyber security effectively requires absolute commitment and buy-in from the C-suite, who must take a front foot approach to understanding their risk profile, supported by operators who have experience of how cyber must form a critical element of the organisation’s resilience strategy, preparing and planning for often complex and high-risk scenarios. If you look at some of the biggest and most catastrophic events of our generation, there are huge lessons you can learn from 9/11, the Covid-19 pandemic, or the Great Recession. Lifting cyber security up a level into risk and resilience planning can help make boards take notice.
Q. WHAT IS THE APPROACH LARGE ORGANISATIONS SHOULD BE TAKING?
» As I said before, collaboration and continuous training of security staff is the key. As a rule of thumb roughly 50% of security and IT staff should be operational and the other 50% in training for new threats, new techniques and new technologies. When it comes to innovation, I passionately believe that we are not getting new solutions to the front line quick enough. There isn’t a formal, strong criteria for adoption of innovation at an enterprise level. We can bring on board a new technology in four or five years – but in that time the chances are the threat landscape has moved on.
We need a better way to adopt innovation. Millions of innovative solutions come out, but identifying the best technologies, making them commercially viable for an enterprise and enacting meaningful change at speed is the holy grail.
This isn’t all the buyer’s fault. They get up to 200 inbounds a month with the latest technologies. These all might be great solutions, but can they scale, are they commercially viable for the enterprise, what is the cost of integration and displacement of other systems, what are the support costs, and do they protect your greatest threat vectors?
There is an ongoing mismatch that can only be solved by collaboration up and down the supply chain, with an emphasis on action and tangible outputs, rather than reports and rhetoric.
cybermagazine.com