Every organisation benefits from a strong cyber security policy. Our global society, increasingly dependent on digital support, somehow still largely operates as though we’re all typing letters on a device running Windows 3.1. There’s a growing threat that the increasing number of stories about digital theft, whether big or small, could desensitize us to the dangers we face. We still rely on app developers and others to take responsibility. And let me reassure you, they do… NOT.
Anyone providing critical processes needs to be questioning themselves, their business and their level of cyber security. We find, when setting up our NIS2 frameworks for certification, that it is a very difficult exercise to identify the risks facing a company or service and create a corresponding safety net. Plan B usually does not work and in most cases has never been tested. We have developed a risk management system in Audicy that will form the backbone of NIS2. We use a combination of ISO27001:2022, CIS and NIST to describe the processes that are in place and the underlying policies and operational instructions. Our framework then presents these in the form of questions. What are the associated risks for all parties involved in the business?
The business analyst
You may think cyber security is just a matter of using the right anti-hacking tools, but it’s not that simple.
How can you utilize tools if your boat is full of holes? As long as it doesn’t go through a cyberstorm, the boat may just stay afloat. When designing your Titanic, it would be wise to incorporate additional redundant compartments that can fill up with water. History shows this to be true. It turns out that very few companies have a digital conductor who can orchestrate the entire ensemble to play the same secure and operationally satisfactory tune. A first exercise is to map out responsibilities. Who monitors and controls which risks? What processes are in place? And are shutdown systems in place in case something triggers the digital minefield? Is there an absolute 100% security guarantee provided by multi-layered security for critical processes and the digital crown jewels? This will have to be mapped out by the business analyst. After this, the individual risk analysts can delve deeper into their respective segments. Here, too, the exercise has an intensity that goes beyond simply relying on tools. Zero trust, you know?
Management can no longer bury its head in the sand. If a costly hack occurs, stakeholders will demand their money back. Just recently, several company executives have been held liable for such cases, resulting in financial losses. Let’s just be honest. If operating rooms had policies like most companies have IT policies, many people would die on the operating table. No doctor likes to pay claims and so they stay alert during operations. I can already hear many of you shouting that this is all too cumbersome, but I disagree. In the companies we work with, we ensure that there is dedication. Those in charge take pride in their unique and effective approach. Ultimately, even those who initially resist eventually embrace our approach.
There is still time?
Time flies though. Would you go to the town hall to apply for your passport just two days before the start of a holiday trip? You might come home empty-handed and without the prospect of that foreign trip. After New Year’s, there are two types of business leaders. One is still waiting to see what happens next, while the other has already taken on their responsibility. Do you want to provide IT services to these companies? Then you will need to be able to present your digital NIS2 passport. Don’t have one? Then you should hurry and hope you can still find outstanding IT experts who have time to help you out. In 1989, I certified Belgium’s first Ford distributor. Thanks to the structure that was put in place at that time, the healthy company was successfully sold for a substantial amount of money in 2019. What I want to demonstrate with this is simply that an investment can repay itself a thousand times over. I have set a goal for myself in my latest mission to assist companies in securing their businesses. When dealing with such companies, I don’t talk about NIS2. Securing business processes and fine-tuning are where profits are generated.