These are exciting times in the information security and risk management industry. We are starting to look at the real issues behind cyber attacks and take a very different approach. Finally, we are taking a close look at risk management when it comes to architecting our defences.
There is a lot of talk about the move from protection to detection and response. For me, all aspects of risk management need to be considered when addressing the constantly changing cyber threats. Organisations cannot keep trying to react faster and faster to a breach, because they will never achieve this. The first step must be to protect, and we are now starting to see innovative technologies get their heads around this.
Individuals are also part of the problem and part of the solution. At a recent Gartner event, a keynote speaker mentioned the phrase “consciously aware”, which he described as the state we are in when we drive a car. We know the risks and are aware of the environment around us, but we listen to the radio and carry on a conversation while remaining consciously aware of the situation. This has to be replicated in business. Further education is therefore essential in ensuring that everyone knows and appreciates the issues that are created by not being consciously aware of the cyber threats. Everyone needs to understand the potential risks when they are opening emails, shopping online or interacting through social media.
Finally, the message that it is not all about technology is starting to hit home, as the skills shortage in the industry highlights and the latest headlines reinforce. People, process and procedure are all important components of cyber defence. Technology alone will not reduce the cyber risks for a business.