You wouldn’t buy a car and then give it to a monkey to look after so why spend all this money on amazing security technology just to have some Johnny big balls look after it without really knowing how.
It is the person behind the machine that makes decisions on risk, not the machine itself. If you can programme the machine to respond quicker in a repeatable and defensible way, fab, but it is the human mind behind the decision making, we decide on the threats and the response.
So, what does this mean? It means, organisations must proactively decide whether employees, third parties, outsource parties, vendors, insurers and consultants are on their side and don’t have an ulterior motive, such as wanting to hack it. Equally, that the person you pay to manage your cyber security isn’t some ‘sell you the dream but I don’t really know the ins and outs type of person.’
Staff that are good at budgeting, planning and managing operations don’t usually operate well in a crisis when decisions must be made quickly. Employees and third parties that have stretched the trust to gain their job in the first place, usually fail to perform at the first sign of crisis and many of those chosen to ‘protect’ a business treat it more as an ‘opportunity’. When faced with a crisis they either choose to elevate the seriousness of the incident or as a justification to sell more technology. Put simply they can’t hack it.
Security people care about one thing, minimising impact and likelihood of risk and exist to ‘serve’ the board – choose your cyber security team wisely
It’s all about trust. Trusting them not to make a hack of it.
Contact the trusted team of experts at Infosec Partners today for impartial cyber security advice.