Understanding cybersecurity
Five key steps to set you on the right path

There are five critical steps every organization must take to begin its journey towards true cyber security. Each step has unique elements organizations need to understand within the context of their own situations.

Step 1) Know your crown jewels and friends – identify critical assets and interactions

  • Build measures to address adaptive and evolving threats
  • Don’t prioritize based solely on business continuity plans, consider risks
  • Remember crown jewels will vary by industry and they can reside in the cloud, on mobile devices and with partners
  • Know who your organization shares information with and which friends can access your critical information and systems
  • Trust but verify – rely on security audits over questionnaires and make sure friends stay current

Step 2) Proactively gather intelligence – know what to look for and how to detect both conventional and emerging threats

  • Work towards a comprehensive plan for cyber threat intelligence
  • Monitor your data-access trails and data logs to gain insight and detect threats early
  • Review log data to gain insight into potentially suspicious patterns or activities
  • Proactively seek new sources of information and new ways to interact with peers to identify and share trends and tactics

Step 3) Make awareness a priority within every internal department and among external partners

  • Make sure employees and partners know the security measures protecting the entire organization
  • Communicate security threats and rules in understandable, user-friendly language
  • Continually engage employees and partners in an interactive security process

Step 4) Fortify your organization – diligently build and maintain protections

  • Focus on both critical and less critical but known vulnerabilities
  • Go beyond relying solely on regular patches from single major software providers
  • Look for real world security weaknesses in data-access procedures

Step 5) Prepare for the inevitable – Test your incident management process, including crisis simulation

  • Know how departments will work together during a cyber-attack
  • Know which external parties (partners, customers, regulators, watchdogs) you will engage when a security event occurs
  • Simulate incident management and include IT and other departments to test your preparedness

Remember, these five steps are starting points of an ongoing journey. Read more about what Deloitte is doing to combat cybercrime such as cyber threat intelligence sharing communities.

 

Complete the form to reach out to a member of our team to learn more.

CIOs and CISOs: How cyber resilient are you?
Take our cyber security survey to assess your cyber risk and learn how your security strategy measures up against your Canadian peers. Share your perspective today.