Cybersecurity Rules of Thumb

Working in information security is sometimes a bit like playing Tetris: your successes disappear but your failures accumulate. When information security works flawlessly, it is invisible. And rarely is anyone thanked for stopping a disaster that didn't happen.

Time and again we see that the greatest risk to us as individuals, and to our organizations, is us.

What are some ways you can mitigate this? Note, we won’t go into too much depth on this here, but some things to consider are:

• putting a governance framework around it

• having strong security processes

• developing for failure – testing to see how it can be broken and fixing during development

• checking data is encrypted in transit and at rest

• acc

The answer, I believe, lies in fostering a strong cybersecurity culture within organisations. It’s not enough to simply implement technical solutions and hope for the best; we must fundamentally change the way we think about and approach cybersecurity. This means embedding security into every aspect of an organisation’s operations, from the boardro

Both Easterly and Zhora emphasize the need for organizations to embrace cybersecurity as an enabler for confidently achieving business objectives. Zhora notes that forgoing expansion opportunities due to cyber risks can sometimes pose greater existential threats than pressing forward despite potential dangers. Calculated risk-taking is necessary to

Companies' cultures need to change. You need to become concerned about every new piece of software, every new connection and every new piece of data -- whether or not you're required by law to care. If some piece of software doesn't contribute to your core business, don't allow it. If some new Internet-connected service isn't part of your mission,