Security is a Board-level concern. So how do you frame the big security questions in business terms?
“What would happen if we were hacked and our ERP system was down for two days?”
“What if a virus like notPetya locked us out of our computers and we couldn’t get ships in and out of the port?”
“What if our key card ID system wouldn’t allow anyone into the building one morning?”
Being able to ask and discuss the answers to these questions is the key to creating a robust security posture.
A security posture is an organisation’s approach to all aspects of security. The watchwords for any strong security posture should be recoverability and resilience. A posture doesn’t just set out how you will protect things. It also sets out how you will detect new threats and respond if the worst does happen.
These worst-case scenarios are not limited to cyber attacks such as malware or phishing. They include any type of security breach, from malicious insiders to accidental data loss. They include days when staff are unable to do their jobs because of a contagious illness or site access failure. They also include times when workflows are disrupted by a lack of data or when systems go offline.
It’s no good putting up firewalls to protect web apps if the physical ID system is vulnerable. And vice versa. Therefore, the organisation’s security posture should address three key variables:
None of these is static, so the security posture must be a living document that is continuously owned and updated. There will be new external threats as hackers hone their skills. There will also be new internal weaknesses created by the opening of new branches and offices or the creation of new business workflows.
Since every organisation is different, your security posture is yours and yours alone. Yet one thing is universal: the need for continual improvement.
It is challenging to do this across all your technologies, people, and processes, especially when it involves answering some tough questions about your organisation. However, ABCOM can help you maintain a robust security posture by supporting you on the technical side.