I found this article while searching for something on NIST, and I felt that it was rather refreshing in terms of the message it was trying to convey. With all the buzzwords and breach horror stories, it’s easy for companies to lose track of what cybersecurity is all about, and fall into a rabbit hole of fear and spending. This article was based on some research conducted by ESET, a Europe-based leader in IT security, and it highlighted the basics of cybersecurity in five points.
I particularly enjoyed the first and final points, as those – in my opinion – are the two most forgotten “basics” of the bunch. The first point stressed the importance of understanding the risks associated with your business (critical systems, information, etc.) and starting by mitigating those first. Taking an organized, yet comprehensive, look at this can help a company bolster security where it counts while reducing costs – as opposed to wasteful spending.
The last point was about how cybersecurity is a team effort; the quote I liked was “The one(s) responsible for security has to be able to provide short and clear explanations in order to get all of the different stakeholders in the company to participate.” In other words, it’s our job to communicate the risks and translate the data, clearly, in a language that business owners can understand so that the collective team can make informed decisions – and if that is successfully done, securing the organization becomes that much easier.