The obvious equation people think of is: cyber = tech; however, rarely is that the case. Cyber security is as much, if not more, about culture, human behaviour and training as it is technology.
Simply building strong walls to try and stop the "bad guys" is not enough. Simply put, no wall can be built to withhold all attacks, and still allow the business it is protecting to function. Therefore, businesses need to look to a wider, more comprehensive set of controls to help protect themselves - including how they react to an incident.
There is not a "one size fits all" solution to cyber security and it is essential that businesses of all shapes and sizes take a close look at what they currently do, what their risks and exposures are and how they then address any gaps through remediation.
If the first step is to start thinking of cyber not just being a "tech problem," the second step should be for businesses to conduct an independent security assessment of their current environment so that they can decide how and where to take action.
...as well as user error, common issues include poorly secured networks and poor detection for attacks – which are risks that can be mitigated with a change in the mindset of cybersecurity being a “tech problem”. “Security’s become a daily problem and it shouldn’t be. It should be built in. It should be the way organisations think about governance, managing risk and mitigating issues,”... It is critical to understand where your attack points are going to be. This could mean employee training, the types of hardware or software you use or how you store customer data. Businesses shouldn’t think of cybersecurity as a set and forget function, but as a consistent element in governance and risk management activities, that can scale up as the business grows, and be proactive in dealing with potential threats online.
