To be successful in your cybersecurity posture you will need to have a plan. By a plan I mean a written comprehensive plan on what you have currently, what you plan to do to protect yourself, what you plan to do ongoing, and what you plan to do in the case of a major cybersecurity event. All of these components need to be in your plan. Leave one out and you will be playing with fire.
There is an old saying that says “failing to plan, is planning to fail.” This applies double to cybersecurity. We have been talking quite a bit lately about how you keep up with the onslaught of cybersecurity issues and events we face. Well this is one of the cornerstones of a strong cybersecurity posture as well as giving you the tools to deal with the challenges ahead.
What Is Out There
But when I go to visit clients what I see is a pretty dismal picture. Many of my clients do not have any cybersecurity plan at all. And most if they have a plan it is woefully incomplete. There are reasons that we are seeing so many major breaches and this is one of the main ones.
Some companies have a plan but for some reason cannot find it. Some have a plan but it is not based in any facts since they have not done a cybersecurity audit in over two years or even longer. So their plan is based on a limited set of attack vectors reflecting what happened in their last attack, and do not take into account the potentialities of the attack landscape today. All of these issues need to be addressed.
Plan to Succeed
A plan to succeed needs to start with the first things first and progressively move through all of the items in succession. Otherwise, you will not have the tools or materials necessary for the subsequent steps. I talked about this order of cybersecurity interventions here. You will need to be using tools like these to maintain your understanding, your organization, as well as your own knowledge of the progress of your team.
If you are not receiving these types of inputs as well as a comprehensive plan from your cybersecurity resources, then it is time to take a hard look at what type of counsel you are receiving. If you need to get help get it, be it on the inside or the outside.