What’s Your #1 Cybersecurity Priority?

Michael Riemer Michael Riemer
February 15, 2019 IoT & Automation

Ready to learn Internet of Things? Browse courses like Cyber Security for the IoT developed by industry thought leaders and Experfy in Harvard Innovation Lab.

It turns out that answering this question is harder than it seems at first blush.

But there is no shortage of suggestions:

  • Ensure 100% of patch updates on open source software (homage to Equifax)
  • Create new board level committee on cyber security (just like compensation or audit)
  • Establish a baseline cyber security exposure measure
  • Add cyber security responsibilities to your HR processes (job descriptions, on-boarding, training, performance reviews)
  • Implement recovery and remediation processes in case of a breach
  • Deploy edge security for early detection

A Difficult Question, It Is

For most business executives (and yoda), the answer to this question is becoming increasingly complex.

The constant stream of new cybersecurity technologies and security acronyms (DLP, APT, GRC, EDR, EUBA, etc.) can be mind numbing to “mere mortals.”

At the same time, good cybersecurity hygiene is a requirement in our digital connected world. Threats are growing daily – from new IoT devices to employee and business partner exposures.

Last year was terrible for corporate victims of cyberattacks, with many large organizations making headlines over reports of major breaches. Ransomware attacks quadrupled to 4,000 per day from 2015 to 2016, according to the  U.S. Department of Justice.

Why Cybersecurity Should Be A No. 1 Business Priority For 2017

Where Do I Start?

While it’s clear that cybersecurity needs to be more mainstream, many executives just don’t know where to start.

Unfortunately this means that a high percentage of companies are not even taking the basic steps.

The top 10 external vulnerabilities accounted for nearly 52 percent of all identified external vulnerabilities Thousands of vulnerabilities account for the other 48 percent.

The top 10 internal vulnerabilities accounted for over 78 percent of all internal vulnerabilities during 2015. All 10 internal vulnerabilities are directly related to outdated patch levels on the target systems.

Heimdal Security Blog & NTT Threat Intelligence Report

Start With Your Business Risks

Begin with your business goals and objectives.

Risks (not just cyber-related) can then be identified and prioritized based on business impact (revenue, expense, and profitability).

Risks should include events or activities that will prevent you from achieving your goals and/or increase the probability of achieving those same goals.

According to Allianz, the top three business risks are: 1) Business interruption (incl. supply chain disruption and vulnerability); 2) Market developments (volatility, intensified competition/new entrants, M&A, market stagnation, market fluctuation); and 3) Cyber incidents (cyber crime, IT failure, data breaches, etc.).

Identify and Prioritize Your IT and OT Risk

The list of possible IT/OT risks and opportunities are numerous and complex. .

But your list does not need to be perfect. Just start somewhere.

What might be “newsworthy” may or may not actually be important or applicable to your business.

News flashes and sound bites are constantly calling our attention to the latest hacks or threats to our cybersecurity that seem to be filling our social media news feeds and television reporting circuits.

Top Online Threats To Your Cybersecurity And How To Deal With Them

Baseline Your IT/OT Risk

There is no single right way to create such a list nor measure them.

There are many other options ranging from qualitative surveys (@cyberriskopportunities) to vulnerability scanning (@tenable).

Recently a cyber equivalent of a FICO credit score was proposed.

NIST has also published a framework to capture cybersecurity-related risk.

Focus on establishing a quantitative measure (e.g the likelihood of the occurrence and the potential impact of such event).

Even if such measure is subjective, it will be invaluable in prioritizing.

Given your cybersecurity maturity, the level of preciseness will vary so don’t worry about it being perfect to start.

Creating and Implementing a Plan

Your analysis will likely have more than one prioritized action.

Pick just a few — start small and get some wins under your belt.

Remember cybersecurity is as much as management issue as a technology one.

No matter where you start, it’s better than not starting at all.

Your plan can and should always be evolving.

KISS – Your Cybersecurity Priorities & Plan

  1. Start with a clear understanding of your business objectives.
  2. Identify potential risks
  3. Prioritize a limited number of cybersecurity risks based on your IT/OT deployments
  4. Design, deliver and manage a plan (people, process and technology).
  5. Wash, rinse and repeat

May the force be with you.

  • Experfy Insights

    Top articles, research, podcasts, webinars and more delivered to you monthly.

    • Michael Riemer

    Tags
    Internet of Things
    © 2021, Experfy Inc. All rights reserved.
    Leave a Comment
    Next Post
    The role of the data curator: Make data scientists more productive

    The role of the data curator: Make data scientists more productive

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    More in IoT & Automation
    IoT & Automation
    Could the IoT Help End Hunger? Farmers Are Finding Out

    Internet of Things (IoT) gadgets are everywhere. Cars, buildings, roadways, airplanes, home appliances, and other items have tens of billions of sensors, processors, and internet-connected gadgets. IoT devices detect motion, regulate temperature, share and collect data, measure weather, and provide location information, power logistics, and medical research. They also enable self-driving vehicles, to name just

    5 MINUTES READ Continue Reading »
    IoT & Automation
    10 Biggest Opportunities for IoT Innovation in 2021

    IoT is a powerful economic driver. IoT Innovation is actively shaping businesses and consumer trends. Most of the technologies developed before and during the pandemic address the Internet of Things directly or indirectly. From healthcare and retail to automobile and manufacturing, IoT innovations are opening new avenues across industries.  It covers almost every segment of

    8 MINUTES READ Continue Reading »
    IoT & Automation
    10 Things to Consider When Starting an IoT Project

    One of the biggest issues companies face when starting an IoT project is deciding who should be responsible. Should it be the engineering team that is responsible for the core technicalities of the device, or should it be the product management team that is responsible for the end functionalities of the IoT product? Starting on

    8 MINUTES READ Continue Reading »

    About Us

    Incubated in Harvard Innovation Lab, Experfy specializes in pipelining and deploying the world's best AI and engineering talent at breakneck speed, with exceptional focus on quality and compliance. Enterprises and governments also leverage our award-winning SaaS platform to build their own customized future of work solutions such as talent clouds.

    Join Us At

    Contact Us

    1700 West Park Drive, Suite 190
    Westborough, MA 01581

    Email: support@experfy.com

    Toll Free: (844) EXPERFY or
    (844) 397-3739

    © 2024, Experfy Inc. All rights reserved.