InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
You already have strategies for umpteen parts of your enterprise. Now you should develop yet another strategy for cyber security? Only the biggest companies need one, and even then – that’s what you think. Unfortunately, many enterprises think the same as you do. A report, recently published by swissVR Monitor, says that only 35% Swiss enterprises have defined a cyber security strategy, by which we mean a long-term guidance that goes beyond specific situations, looking at a horizon of three to five years, and reviewed yearly. Here are the benefits that such a strategy can bring to your enterprise.
With every day, each of us becomes more dependent on digital technologies. This means enterprises, but also you and I, dear reader. Digital technologies, communication, infrastructures and systems are essential to most enterprises. Information and data must be always immediately and constantly available. Interconnected technologies and interfaces are also essential, for needs such as ordering materials, just-in-time production, online commerce, cloud services, IoT, cloud data centers etc. However, we need to take care, because all these technologies are exposed to cyber risks.
Of course, integrated planning and the usual cyber risks are found in almost every project plan. But is there a fundamental cyber strategy in place? What are the optimal controls for unexpected situations? What are the business expectations? What processes are in place in case of a security incident, such as e.g. hackers intruding some management system? Which of the technical and organisational interfaces are critical?
Here is a small list of current themes and cyber threats, which you should include in your strategy:
What should you do, as an entrepreneur, with these issues? Of course, we believe that a cyber security strategy is unavoidable; you need to develop a strategy that addresses the security requirements and targets of your own business, and brings them into balance; this means that you will confront each group of issues separately, and address them with specific strategies.
…such as, for instance:
It is not by chance that strategies belong to management, and this applies to cyber security too. All stakeholders in your company expect management to get themselves busy with this theme, and that they gain a good understanding of the issues. This means that not only the strategy alone must be addressed, but also its implementation; and here, working side by side with internal specialists is almost unavoidable. This is the only way in which the complexity of the issues can be fully understood, expectations can be met, and the interested parties’ trust reinforced.
You must always keep in mind that hackers become ever more professional. Attack vectors change all the time, and in the future attacks will increase in frequency and severity. And do not even think of writing a cyber security strategy just to say you have one, then print it out and leave it in your drawer to gather dust. It must be alive, people must abide by it, and you will regularly review and adapt it. A good strategy will contain elements of prevention, detection and reaction, and it will also consider restoration after a complete failure. To this end, we suggest using the NIST Cyber Security Framework as a starting point.
Do you need help to develop and implement your cyber security strategy? Or maybe you need advice from experienced consultants? With our comprehensive offering and wide experience, we understand our clients’ needs in full: including yours, for sure. Call us today, we shall be pleased to advise you!