Playing chess assumes you comply with the rules and demonstrate appropriate behaviours and manners. The general theme is to be a good sport and respect your opponent – whether you’re friends or not. So, how is cyber security like playing chess with a pigeon?
More pigeon than Kasparov
You begin by shaking hands, you are individually and solely responsible for noting all threats against you, you may not distract your opponent, words are irrelevant. Following a win or defeat do not gloat or become hostile, but quietly analyse the game, together.
Unfortunately, no-one told the pigeon. Play chess with a pigeon and he will likely land, scatter pieces, take his king and fly off…leaving an unholy mess in his wake.
Sadly, for most of us, our threats are (if you will pardon the analogy), more pigeon than Kasparov.
No time to plan your next move
None of us know when, where, why or in what form the next cyber threat will emerge. There’s no time for a handshake let alone hours to contemplate each other’s next move. This dictates a level of preparedness directly proportional to the value of our risk.
The basics are critical: put your 10 Steps in place, get your Cyber Essentials, have a policy and make sure this is not just a CISO/CTO issue but a Boardroom one. Joint and collective responsibility.
But what about the pigeon?
Well, this is where it gets a little bit trickier. If you don’t have the basics (up-to-date software, good password management etc.) then the pigeon won’t bother getting out of his nest...he’ll just send in the squab for kicks. Very messy.
If you’ve got the basics, the task is that bit harder for him.
Cyber attackers are getting faster and sharper
The pigeon needs to start thinking, and if he can be bothered to do that rather than dropping you and moving on to an easier target, then you need to have a little more in place, i.e. there are no obvious open windows for the pigeon to fly through.
You need to already know where your vulnerabilities lie and be removing or mitigating them on a regular basis. You need to know more about what a potential adversary might see when they take a look at your organisation than they do – and be doing something about it – before they do.
This dictates that a once-a-year test and cert is not enough. It is out of date the moment the ink is dry. Our cyber attackers are getting faster and sharper all the time – physically and technically. Complacence is not an option. Both FedEx and Lloyds have stated their recent attacks cost in excess of $300m. For UK small businesses your starting price is at least a few thousand pounds, which you may or may not have in your back pocket at the time.
Getting your people and processes in place is absolutely vital.
Augmenting that with rapid action technology that takes away the heavy lifting, alerts you to new vulnerabilities and presents remediation solutions is simply smart business.
Ultimately, we also need technical solutions to make our people and process components smart and agile too. But that’s another story…
Visit us at the UK Security Expo’s CNI Conference (29th & 30th November 2017)