The 17th Annual New York State Cyber Security Conference kicked off in Albany, NY earlier this week. Each year, the conference is attended by over a thousand delegates who are working to understand how to improve organizational cyber security and to mitigate the growing risks. Proceedings began on day one with a keynote round-table featuring a host of industry luminaries, which focused on the high probability that the majority of organizations have already been breached and the need to establish an integrated and embedded cyber security strategy within all enterprises. The recognition that threat intelligence needs to be articulated to C-Level executives, in terms of potential business impact, was also highlighted.
Representing team Nettitude at the conference was our CTO, Ben Densham, who gave a presentation on ‘Cyber Security Strategy: Managing your controls in the context of risk’. Organizations often implement multiple controls to address internal cyber security concerns and many are implemented due to compliance pressures or because of IT developments and changes. However, cyber breach reports frequently show that many implemented controls are ineffective at preventing and detecting malicious activity when it inevitably occurs. Is this because they are simply not up to task, or perhaps due to incorrect configuration? Or are the wrong controls being applied altogether?
Ben considered these points and took a high-level look at what is happening within both the threat landscape and the industry as a whole, asking the question: Who is deciding what is to be protected and why within your organization? This question should ultimately form the basis for an understanding of the risks that need to be mitigated, the threats that need to be defended against, and the vulnerabilities that should be addressed.
After all, understanding the right controls to implement and the overall objective is crucial for all organizations. Business decision makers should be asking themselves what their cyber strategy should look like? How should this be governed and implemented? How do you measure the effectiveness of your controls? And finally, are you realizing and addressing the real risk to your business?
To contact Nettitude's editor, please email firstname.lastname@example.org.