Blog

Five challenges 

First, the objective of improving cybersecurity is vague and broad. Sometimes organizations struggle on how to measure any improvements to their cybersecurity posture or post-investment. What is even worst, it’s that you may be measuring the wrong thing. In 2015, the Global Information Security Workforce Study (GISWS) conducted a survey of more than 14,000 security professionals, of which 1,800 were federal employees. The survey concluded that we are not just getting better, but we are going backward.  

Although it seems pessimistic, it is supported by facts; in 2014, one billion records were compromised the year before the survey, which triggered Forbes magazine to refer to 2014 as “the year of the data breach.” If you jump forward to 2021 and benefit from hindsight, we can confirm that the GISWS survey’s conclusion that we are going...

I read an article the other day titled, “Global utilities lacking basic cybersecurity practices.” Although the article was focused on utilities, the guidance applies to every industry, so I will touch on a few recommendations that could be useful to you as well, regardless of industry.
The article was based on an interview with Rafael Narezzi, Chief Technology Officer at CF Partners. In the webinar, Narezzi urged energy companies to increase investments in cybersecurity and be proactive. In addition to investments, he encouraged companies to make cybersecurity a main driving force of the business.
Let’s reflect on this statement; it says to increase investment in cybersecurity, which would be wise for any organization; however, increasing investment without a strategy would be detrimental to any business, especially small to medium-sized companies. Perhaps I’m taking this statement out of context, and Narezzi’s audience knew what he meant with it, but let...

Assets Classification

Let us start with why asset classification is so essential; asset classification is the foundation of everything else to come in cybersecurity; it will help your organization, for example, small or large, to better understand, manage, identify, and classify your assets. Here is the challenge, the business will hear, "oh, you want to spend how much, just to know what we have, which you should have known to begin with?" These are tricky questions to answer, as the business sees no value in this effort, it is not making their product or service better, the customer does not see any improvements in service or features, and so on.

However, it will assist your leadership in determining which processes and assets are the most important in assuring critical operations, service delivery, and overall business resilience. This, in turn, indicates where to focus your cybersecurity investments in a world of limited budgets and increasing costs. Now you could...