Whilst cyber catastrophes make headlines, the parallels to natural disasters or acts of war are missing vital pieces necessary for response options to become available. Examining the absent portions -provisions where we stand at present and how far we've to go.
Cyber Archipelago
In implementing Zero Trust there are challenges with an inward facing cyber strategy that doesn't include external connections.
Digitally Weaving Zero Trust
Biden's EO 14028 challenges the entire US government cyber ecosystem to rethink how we weave various digital components - inclusion, security, trust into the digital fabric we rely upon. Here we start unpacking various threads needing woven into future developments.
Crisis Headlong
Constant crisis has raised the noise threshold to deafening, creating difficulty in finding your organisation's signal - making it difficult to take stock after managing one crisis whilst preparing before the next one hits. It needn't be so.
Crisis at Scale
We already have moved to an understanding of crisis being part of our BAU, much like the tide it ebbs and flows with regularity. Constant crisis creates new tolerance thresholds whilst shifting perception away from incidents being of note or cause for alarm. No sirens are sounded, as the chorus would be indistinguishable.
On Task Force Bounds
Reading the recent report from the Ransomware Task Force reminds us of the advantages and limitations task forces offer. In any cresting malicious cyber trend, the tide go out when the monetary spends exceed gains. Bounds imposed on task forces create challenges for lasting change.
Securing Third-Party App Risk and Controls
One of the most recognised risks is third party/ app supplier risks, as they provision the tools used to create your business' client services. Here is how to create a simple path, limiting disruption from a cyber event.
Separating Actors and Actions in CTI
Using traditional intelligence models in private sector often doesn't account for the difference in audience and scope of responses available. By separating the focus between actors and actions, CTI practitioners can focus on delivering actionable intel to decision-makers thus also building the case for cyber as a value generating component of the P&L.
Resetting VCAT
If we focus on how to get the best out of the team without focusing on the team, we look at process and results without looking at team dynamics. The difference between liking what you do logically, and loving what you do on a deeper emotional level is rooted in the team having good dynamics and feeling like they are part of a purposeful whole. Resetting VCAT is a way we build and re-build the team.
Pearl Steps
It's said you can't step into the same river twice, and oysters create layers of beauty encapsulating threat. Lessons from both in the growth of individuals and organisations.
