Strategic Cyber Security Advice for Executives - Talion

The market is awash with tactical advice on the things organisations should do to manage cyber risk (awareness training, filtering suspicious emails, segregating and backing up sensitive data, patching software vulnerabilities, etc.). This advice is for senior executives, to help guide their organisations as they develop or mature their cyber security programme.

  1. Have ‘skin in the game’: make those responsible for managing risk define the cyber risk management strategy. Avoid the mistakes made by financial sector regulators in, for example, allowing banks’ capital requirements to be set by the ratings agencies. Not only are ratings agencies not responsible for managing banking risk, but they are also susceptible to market pressure. It was they who assigned disastrously low risk ratings to new and lethal financial products like collateralised debt obligations, which caused the 2007 financial crisis. Executives need to have ‘skin in the game’.
  2. Compensate for biases that mar our risk judgements: we trust celebrity endorsements, people in suits, anything printed – especially charts and precise numbers even when they are wrong. We are prone to the illusion of certainty. Our risk perception frailties are well documented. Recognise them and compensate for them.
  3. Favour discretion over rules: cyber security based on compliance with rules or standards may make it easier to get through client audits, but it may not make you secure. Standards take many years to agree and implement, by which time the cyber threat has moved on, and they reflect the minimum capability that standard-setters consider to be generally appropriate, rather than a target capability. Excessive emphasis on codes of compliance rather than responsibility gives rise to complacency and raises the risk of failure. Independently scrutinise standards set by consensus and create a logical, defensible cyber risk strategy, specific and appropriate to your firm.
  4. Adopt a barbell security strategy: a combination of high- and low-risk management strategies, avoiding the middle ground. Protect to the maximum extent possible the IT systems that host your critical data, and take more risk with the rest of your network.
  5. Rehearse what to do when a security incident happens: periodic testing of your security incident response fitness effectively vaccinates your firm against a breach and makes it “anti-fragile”. Companies that have shown the greatest resilience in the face of a security incident are those that have learned how to operate without internet access, or even without IT. Make provisions for rebuilding your IT from scratch.
  6. Insure yourself against the unanticipated: the only scenarios we can test are those we can anticipate, so put cyber insurance in place to protect you from unanticipated events.

Filed in Blog, by Talion.