Science of CyberSecurity: Thoughts on the current state of Cyber Security

As part of a profile interview for Science of Cybersecurity, I was asked five questions on cyber security last week. Here’s question 1 of 5.

Q. What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?
Thanks to regular sensational media hacking headlines, most organisational leaders are worried about their organisation’s cyber security posture, but they often lack the appropriate expert support to help them properly understand their organisation’s cyber risk. To address the cyber security concern, an ‘off the peg’ industry best practice check-box approach is often resorted to. However, this one-size-fits-all strategy is far from cost-effective and only provides limited assurance in protecting against modern cyber attacks, given that every organisation is unique and cyber threat adversaries continually evolve their tactics and methodologies. In these difficult financial times of limited cyber security budgets, it is important for the cyber security effort to be prioritised and targeted. To achieve this, the cyber security strategy should be born out of threat intelligence, threat assessment and a cyber risk assessment. This provides organisational leaders with the information to take effective cyber security strategy decisions, and to allocate funding and resources based on a subject matter they do understand well: business risk. Nothing can ever be 100% safeguarded; cyber security is and always should be a continual risk-based undertaking, and requires a cyber security strategy tailored to the organisation’s risk, which is properly understood and led from the very top of the organisation. This is what it takes to stay ahead in the cyber security game.

This is a Security Bloggers Network syndicated blog post authored by Dave Whitelegg. Read the original post at: IT Security Expert Blog