PA Consulting Group
Search our site
  • Phone
  • Contact us
  • Locations
  • Search
  • Menu

share

  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
View or print a PDF of this page
.

"Closing all the gaps is impossible. It is important to accept that some cyber attacks will succeed – and to instead plan for and focus on managing the risk."


Ed Savage, PA cyber security Expert

CIO Forum - Tackling the challenges of cyber security

At PA's recent CIO Forum, business and IT leaders from across the public and private sectors discussed the challenges facing organisations today in developing an effective cyber security strategy.

With cyber-related stories regularly appearing in the front page news, this timely forum provided the opportunity for attendees to share their ideas about, and experiences of, effective cyber security. A short summary of the key points is provided below.

  • Virtually all business assets are now vulnerable in cyberspace - the game is the same but the scale and scope of threat, and the potency are more significant than ever. Cyber opens the front door to more people. Physical connectivity between almost everything makes a remote attack more likely, and the potential to do harm is increased. However, not all of an organisation's information assets may need protecting to the same levels.

  • People are a key part of an effective cyber security strategy - as such, they need to be included in the entirety of any policy, process or 'solution' to an organisation's cyber security. If, in an organisation the people are the key  asset, treat them as such, and look at the risks they face in performing their role for your organisation, but it is also important to remember what impact they could have on an organisation if they become a 'compromised asset'. To note,  there is very little in the way of effective technological defences against human error.

  • Agility and intelligence-led security are leading the way - there are clear benefits of moving from compliance to risk management and ultimately intelligence-led security. This is about being more proactive, for example, scanning social media to determine where the threats may come from; rehearsing for the attacks; and conducting forensics after an attack. Organisations need to continually look ahead,plan and respond much more quickly to attacks.

  • Get the balance and business case right for investment in cyber security - an organisation should focus investment on its most valuable assets (not just financial, but also reputational ones) and create the business case for investment.

  • The cyber security talent pool needs consideration and development - cyber security skills are in short supply and the more traditional educational background may not always provide the right skills that are now required. It may be better to grow the capability internally or look at new sources for recruitment.

Contact us now to register your interest in future cyber security events.

To speak to one of our cyber security experts about helping your organisation develop an effective cyber security strategy, please contact us now.

Contact
Nick Chaffey
Defence, security and resilience
contact us now