2 Cyber Security: everyone's problem
This chapter covers
- Developing a list of organizational assets that hackers might target
- Building a profile of potential attackers based on your assets
- Evaluating your existing defences
- Using the three pillars of a successful cyber security strategy (relevant, proportional, and sustainable) to begin developing a cyber security strategy
- Using CVE details to understand newly discovered security issues by criticality
- Leveraging CVSS scores to prioritise fixes and patches
- Tying this all together to build a culture of security
Everyone will get hacked. No matter how great your defences are or how well prepared you are, it’s a matter of when, not if. It happens to us all. Companies can spend millions of pounds on security tools and technologies, and still end up in the news for a massive data breach. The important thing, then, is being prepared for the hack, and being able to respond and recover quickly. I want to help you achieve this through better security, and this chapter is all about understanding and building the fundamental skills and concepts you’ll need.
In Chapter 1, we walked through some real-world impacts of a security breach. Now we'll look at what underpins a successful cyber security strategy, and what its objectives should be. Building on that, we'll learn how to communicate, measure, and patch vulnerabilities, which will then feed into sustaining a culture of security in your organisation.