About Us
DisciplinesCyber AwarenessVulnerability ManagementThreat Response EngineeringIntegrated Risk ManagementCritical Infrastructure
ResourcesArticlesCase StudiesArchives
PartnersContact Us

Cybersecurity is Shockingly Simple ...!!!

Open-CISO

header image
Publish Date :

March 4, 2022

Internet if full of Proof with Incidents and Events

There is plethora of information available conveying the importance and facts pertaining to Cybersecurity. No point talking about the details to convince someone of these facts, take a sneak peak at some stats compiled by Varonis out of which; by far the foremost cause of a cybersecurity incident is a human error. According to one of the reports published by Kroll: 88% of the data breaches in UK were a result of Human Error. And of course: To Err is Human...!!!

At the time writing this article; the world was battling the Corona Virus which has ravaged almost every developed economy with over 1.5 millions affected and 90 thousands dead. On the other hand few countries played the Awareness game - a country with over a billion people with insufficient medical infrastructure kept the infections as low as 0.1 per million population.

On one hand we have had over 5000 breaches exposing over a 7 billion records in 2019; with an average cost of $ 300K to mitigate the breach; major cause of which is Human Error; on the other hand a country with a billion people reporting lowest percentile of infections during a pandemic adhering to just basic awareness and lock down which of course coordinated by those billion people.

Common aspects in both the scenarios are HUMANS and AWARENESS; if they are made aware of Cybersecurity: can we say a big chunk of the data breaches could have been avoided? Most Certainly - YES.

Breaches are distributed across Organizations of different sizes and most of them are well established

Most of these Organizations have well laid out Policies and Procedures - without a doubt

A good number of these organizations must have had Cybersecurity policies - which make sense given they are established well

With the nature of business conducted by these Organizations - its obvious that the employees are skilled and resourceful

With the Global Presence - these organizations are definitely not NOVICE to technology

What we have on the other side are

  • The organizations Governance structure - does it allow to pan through Strategic, Tactical and Operational layers with interconnecting Goals and Objectives
  • Is Cybersecurity one of them? Do they have End to End visibility from 30000 ft to ground zero?
  • How Cyber-Aware are the employees ? Are there KRIs, KGIs, KPIs and are they linked to Business and Employee Objectives?
  • Most important: is there a program to measure the awareness? Given the magnitude of cost implications how frequently the awareness is assessed?
  • Even if there is a lack of Cybersecurity budget; but there is definitely a budget set aside for employee training
    • Measure the Security Awareness in the Organization
    • The least an organization can do is to impart Cyber Awareness
    • Most of the Product companies in Cyber Domain have tutorials, publications and awareness material handy
    • Start from the Entry point into the Organization, cover everyone till the Top Executive
  • Now the Second part of it: Employees have to use all the available technology to deliver Business

Technology means: Hardware, Software, Firmware, OS, Configurations etc etc. How frequently do they get updated?

Is there a program to manage the updates and upgrades: A Patch Management Policy

Unless there are applications dependent on H/W, S/W versions - any power user can update their computing device

With most of the Business moving to Cloud - there should be no reason why Cybersecurity cannot be achieved at least to a level.

With the above Context of exploiting and upgrading Human Intelligence with the Cyber-Awareness

  • Are the employees susceptible to Phishing ?
  • With Patch Updates and Hardware I/O Options self managed - Can Malware be introduced in the Business Environment?
  • With a combination of access controls such as MFA + Password Complexity - Can the Identity be compromised?
  • Keeping all Business critical data in Cloud with a layered defense - How like is a data breach?
  • If Cyber-score is a part of Employee Performance - What would be the Over all Organizations Security Posture?
  • Do all the C-Suite executives have a Cybersecurity Metric embedded in their Goals and Objectives?
  • There are Quarterly Business Reviews - what about Quarterly Security Reviews?

Bottom line

A level of Cybersecurity can definitely be achieved with a combination of the below:

  • A Policy to maintain the acquired technology infrastructure w.r.t. Updates and Upgrades
  • A Continues Assessment of Security posture: Both Employees and Business Environment collectively
  • Embed Cybersecurity as one of the Requirements through out the course of conducting the Business
With the likes of FnCyber - Organizations can derive maximum benefit even with a limited Budget

Resources

FNC_Articles_1b17bbe901_x1emkm.png
Articles

Security Strategy and Intelligence - Practices and more

FNC_review_a3beba951c_jnlloq.png
Case Studies

Realworld Business Challenges - Keep it Targeted and Simple

FNC_webinar_a1ff8cc3d3_gtwr49.png
Archives

Infrastructure Security - What makes it so critical

Cybersecurity is best when seeded into Business Functions. fnCyber™ assures you Direct and Uncomplicated Cybersecurity Consulting.

Contact Us

Get in Touch

mail
one@fncyber.com

Follow us on Social Media

linkedin
@fnCyber
twitter
@fnCyberSecurity

Our Addresses

location
India : Level 1, Salarpuria Knowledge City, InOrbit Mall Road, HITEC City, Hyderabad, Telangana 500081 India
location
Netherlands: 6th Floor, HSD Campus Wilhelmina van Pruisenweg 104 2595 AN Den Haag
+31(0)70 2045180
About Us
Open CISO Program
Contact Us
Disciplines
Critical Infrustructure
Integrated Risk Management
Threat Response Engineering
Vulnerability Management
Cyber Awareness
Privacy Policy
Cookie Policy
Resources
Articles
Case Studies
Archives
COPYRIGHT © 2023 FNCYBER, INC. ALL RIGHTS RESERVED.
For information about how we collect, use, share or otherwise process information about you, please see our privacy policy.
icon
icon