Top of any company’s cyber security checklist should be ensuring that the cyber security strategy is taking all changes in the operating environment into account, says BAE Systems
1. Understand the cyber risk
“New technologies bring new opportunities, but they also introduce new risks,” said Neal Watkins, chief product officer at BAE Systems. “As companies acquire and integrate other companies and technologies, we need to look at the new risks that brings,” he said.
This includes looking for potential risks introduced by third parties, contractors and changes in the supply chain.
Top of any company’s cyber security checklist should be ensuring that the cyber security strategy is taking all changes in the operating environment into account.
“It is important to have a living, breathing cyber security strategy that you review and update on an ongoing basis to capture all of these new risks,” said Watkins.
2. Have the right security controls
Once vulnerabilities have been identified, BAE Systems said businesses need to be prepared to make big decisions if vulnerabilities are critical.
“There needs to be the courage in making the difficult decisions on what systems and services are protected, and at what level, which could be crucial to retaining a customer or client,” he said.
3. Balance business and risk
At the absolute minimum, business directors need to understand what the most critical assets and key areas of vulnerability are. “Businesses need to make the right decision that balances security risk against commercial necessity and does the right thing by the business and customers in the long term,” said Watkins.
Leaders should discuss what cyber risk they are prepared to take, and how much they want to invest to manage it.
“There needs to be the courage in making the difficult decisions on what systems and services are protected, and at what level,” said Watkins.
4. Build a defensive culture with security-by-design
Security needs to be ingrained into the company culture, according to BAE Systems. Security by design, said Watkins, involves everybody making sure they are working securely, whatever role in the company they have. “It’s about everyone ensuring the tasks they complete are secure in terms of process and execution, whether they are writing code in an application, delivering a service or responding to a customer or handling their data,” he said.
According to BAE Systems, security analytics, threat intelligence and situational awareness can help in discovering where the vulnerabilities are.
5. Prepare a response
Finally, the security firm noted that no security is completely effective, and there is always a chance of a successful attack. For this reason, having a plan in place to respond and repair is what makes the difference between a full-blown crisis and a problem that can be tackled.
“In the event of an attack or crisis, people will be measured in terms of how they respond, and making sure you have a well-thought-through, rehearsed and tested response plan is going to be critical,” he said.
The way people respond to a cyber attack or incident, according to BAE Systems, will have a major effect on operational impact and loss of productivity, as well as customer confidence.