After a gruelling few months battling with WannaCry, Petya and NotPetya, our cybersecurity operations teams have finally had some time to regroup and re-establish some semblance of calm. Respite couldn’t have come soon enough for most, since even the most battle-hardened op teams were feeling the pressure, especially since it’s only a matter of time before the game changes yet again. The media seems to think that cybersecurity is about protecting the data whizzing around our networks, and through one single lens they would be right. But there is a complexity to our world that most don’t see. We are defending against the bad guys with firewalls, anti-malware software and intrusion protection systems, but our jobs are multifaceted, requiring us to assume the role of frontline troops, captains and commanders, weapons experts, smart bomb operators and UAV pilots, intelligence operatives and the secret police, while most of the time our own managers have no idea what we do. Susan is simply the security girl who sorts stuff out. And until now, we have gritted our teeth and got on with the job.
However, security is an intractable problem in today’s business, where cybersecurity won’t prevail without due care and comprehension being paid by the business. Groan, I hear you sigh, here comes the same old trite messages of, “Talk to the board,” or, “Use language they understand,” and, “Only escalate what you think they need to hear.” But the latest changes in legislation, with Mandatory Breach Notification in Australia and General Data Protection Regulations (GDPR) in the EU, really do change the game. In fact, the pitch has changed, the goals have shifted and, let’s face it, most of our career has been spent being ignored; it’s about time everyone read the bloody rule book. The reality is that a breach that is ignored can now lead to massive fines, imprisonment and the ruining of lives and companies…