Intelligent CIO Europe Issue 56 - Page 79

t cht lk

t cht lk

Businesses also require an incident response plan should the worst happen . Understanding who makes the decisions within the business and how you choose to react ahead of time can help during an incident to ensure it is properly managed . You don ’ t want to be making decisions during an event – you want to be doing that in advance . Having in place good incident response plans and the right partners to help you is a proactive measure that all organisations should take .
How can organisations take a proactive approach to defence and how does that weigh up against reactive measures ?
One of the best things you can do proactively is to build an inventory of your systems , both in terms of what you physically have and need to protect and how they support the operations of your business . This helps identify the ‘ crown jewels ’ – of your estate .
You need to know what you can ’ t afford to lose and once you understand the most important processes and procedures , you can start to look at what technology supports those . From there , how are those things connected to the wider estate and how might a threat manifest within that space ? By looking at those things in advance , you can take the most appropriate preventative actions .
It can be tempting to look at the tools you use and try to implement them everywhere but it ’ s very difficult to manage every single risk down to zero . By focusing proactively on the most important areas of business and deploying capabilities in those places first , you can have the maximum impact on mitigating the overall risk .
What advice would you offer organisations in this sector looking to take steps to improve their security posture ?
The key areas to focus on will very much depend on the environment you have . The first thing for any energy company to do is to get an understanding of the environment in which they operate and layer on top of the known threats to those environments .
It ’ s very easy to hypothesise about new emerging threats and new capabilities that actors might have but it ’ s most realistic to focus on the events that have occurred in the past and the capabilities of the actors that carry out those attacks .
By focusing on these past incidents , you can make sure the majority of threats will be addressed . It ’ s impossible to have zero risk but a reasonable approach is always to identify the most likely threats that may occur .
I use the analogy of a supermarket – nobody would shop in them if the doors were locked . You have to allow your customers to come and go freely into an environment , but you also have to put in place reasonable controls – you can ’ t prevent people from stealing , but you can put in place an appropriate level of control and an appropriate balance of risks .
It ’ s very important that within any organisation , you never leave yourself exposed to an obvious risk . By focusing on those known prevalent threats , which come from good threat intelligence and a good understanding of your own environment , you can put in place the right priority actions . p
www . intelligentcio . com INTELLIGENTCIO EUROPE 79