Cyber intrusions are continuing to happen with regularity across all types of organizations. Being vigilante every moment of every day places a burden on an organization’s ability to operate, and demands short term focus. Despite this pressure, it is very important to take a look around at the strategic level and insure that everyone in the organization is working toward the same goals.
Most focus on cyber-resilience is placed on existing systems and these systems are being updated and changed – either through vendor patches, software upgrades, or internal efforts to enhance productivity. The day to day change management process can create new cyber-vulnerabilities, and the technical management elements of the organization should be communicating changes in an understandable format so that any aberrant behavior can be analyzed by the entire organization.
The board of directors and C-suite must also share information about new directions the company is taking that might affect systems and add vulnerabilities. As an example, an acquisition of an outside company may bring new people, inconsistent process, unaudited systems and other cyber elements into the current organization. Advance planning will help keep everyone thinking in terms of optimizing the organization as a whole.