What cyber security effort is most needed
The answer is you need to be doing something. The British cycling team is an amazing example of doing something. The story goes that for nearly 110 years from 1908, British cycling was lukewarm to terrible. It was so bad that some European bike manufacturers refused to supply bicycles to the British.
British Cycling then appointed Dave Brailsford, who employed a concept called the “aggregation of marginal gains”. The theory was that if you break everything down into its smallest components and improve each by just 1%, you will get a significant increase when you put them all together.
Within five years, the British cycling team dominated the 2008 Olympics, taking 60% of the gold on offer. At the 2012 London Olympics it set nine Olympic and seven world records, and in the following years it won back-to-back Tour de France races.
This is quite a turnaround for a team that had won only one gold in a hundred and ten years and had never won a Tour de France.
If you are starting off trying to put in place a cyber-security-minded organisation, it is going to be difficult, costly and almost out of reach to do it in one big hit.
Doing it incrementally won't get you fully protected right now, but over a relatively short period of time it will get you to a point where you can say you are as protected as possible. I say “as possible” because nothing is completely certain, and there is always a chance of a shark getting through the protective net.
There are a number of cyber security frameworks that help break down cyber security efforts. Breaking the effort down allows a business to raise the bar incrementally across all areas. Raising the bar across all areas in this way allows the business to understand, and to be, a cyber safe place of operation.
The program that we offer at BIZITSecurity concentrates on the areas of human behaviour and organisational behaviour. These two elements help inform and support the efforts that will be put forth by the IT team.
The framework questions and activities that we use help management understand where a lift of 1% can be achieved. The human training brings security to the top of mind and, without overwhelming them, gets staff to lift just 1% each day. The framework helps management focus security efforts easily, without panic.
So when you ask “where do I start and what is most needed?”, the answer is that everything is needed. There is nothing that you can leave out. However, to make it manageable, the move to a cyber safe business must be spread across small silo elements that can be lifted without breaking an individual, a team or the business.