Cyber security – you don’t have to be an expert

New Zealand Security Magazine, February-March 2019

Andrew Scothern
Andrew Scothern, Chief Software Architect at Gallagher.

Cyber is a topic that can make people switch off straight away, particularly when it comes to cyber risks in their security system. Apathy, fear or unfamiliarity can all play a part, writes Andrew Scothern, Chief Software Architect at Gallagher.

The good news is, you don’t have to be an expert to address the cyber security of your security system. You just have to understand the cost to your business of not doing it, and care enough to act. 

Assess the level of threat

Start by getting an understanding of the cost of a cyber breach in your system. Threat modelling will help you discover what risks you face, which threat actors you really care about, and determine the solutions you need to focus on. What’s the worst that can happen to your business and brand? How much could it cost you and what’s it worth? 

It’s important to keep things in perspective. Banks, prisons and high security government buildings have very different requirements to an office building or university. Different aspects of your security system will also have lower or higher levels of importance, depending on your operating environment. 

Determine your priorities, or you could end up down a time-consuming (and potentially very expensive) cyber-security rabbit hole.

Use the expertise of those around you

If cyber-security is not in your wheel-house, that’s ok. But it does mean you need to partner with people who do have the knowledge to help you make the best decisions for your business. They can be found anywhere – in your IT department, your security company’s hardening guide, or even bringing in external consultants. Leverage off the people around you and make good use of what they know. 

Enjoying this article? Consider a subscription to the print edition of New Zealand Security Magazine.

Of course, it never hurts to upskill yourself as well. There are many cyber security journals and online resources you can use to increase your knowledge of the cyber threat landscape and how to address business risk:

Plan for the worst

Being aware of the cyber threat landscape and making use of expert knowledge will help prevent cyber breaches, but you also need to plan for recovery in case the worst happens. Regularly back up your systems, keep the back-ups isolated, and have a plan to rebuild in the event of a cyber-attack compromising your system. 

It’s not a happy thought, but if you have a response plan in place the down-time and damage can be mitigated. Most of all, get your IT team involved – they have a vested interest in both getting cyber security measures right and having an action plan in place, when they’ll be the ones spending days rebuilding the system after a cyber breach.  

Ultimately, it’s up to you to decide what level of risk your business needs to address when it comes to cyber security of your security system. Make sure it’s a conscious decision based on threat assessment, expert support and ongoing auditing and awareness of the threat landscape – not a head in the sand decision based on fear or misunderstanding.