SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Three ways to prioritise cybersecurity for maximum protection
Wed, 19th May 2021

As technology evolves, the threat landscape evolves with it and grows in complexity. Organisations are under growing pressure to strengthen their cybersecurity strategies so they can protect against, and defend against, the risks and threats they face. But while cybersecurity is a crucial priority for many organisations, developing an effective security approach goes beyond simply investing in the latest defences.

While it's essential that business executives prioritise cybersecurity, the complexity of the threat landscape demands a systematic, strategic approach that identifies and ranks assets and the defences dedicated to them. This highlights the areas where investment in cybersecurity measures matters most.

Rather than taking a 'protect everything' approach, which often leads to nothing being effectively protected, CISOs should implement a three-pronged approach to prioritising cybersecurity concerns:

Align cybersecurity strategy with business priorities

Understanding the disparity between business priorities and cybersecurity strategy is one of the first steps in developing a priority-based approach to cybersecurity. By first identifying core business priorities, CISOs and IT security teams can work with other executives to bridge the gap between what is important to business leaders and what is critically important to the organisation's cybersecurity defence.

By developing a deeper understanding of the gaps between organisational and cybersecurity priorities, executives can begin to align the two strategies so that key priorities are addressed first and resources are allocated accordingly. During this process, business leaders need to agree on, and understand, the roles and responsibilities of each team.

Identify potential vulnerabilities

Executives must work with IT security teams and CISOs to identify external and internal vulnerabilities, as well as the other risks that emerge as the threat landscape changes.

CISOs and business executives need to be aware of all potential threats their organisation faces. This includes internal risk factors they can change and influence, and external risks they need to defend against.

While executives must align and prioritise business objectives and cybersecurity strategies, they also need to classify the level of risk each threat poses and determine how best to defend against it.

Define roles and responsibilities

When everyone in the organisation understands their cybersecurity roles and responsibilities, collaboration produces coherent, end-to-end protection rather than scattered point defences. For example, business leaders need to:

  • Communicate their needs and concerns
  • Identify the business-critical assets, people, and processes that need to be protected
  • Set goals and budgets for cybersecurity initiatives. 

Meanwhile, cybersecurity leaders need to:

  • Identify vulnerabilities, threats, and countermeasures
  • Measure, monitor and report on cybersecurity return on investment
  • Undertake day-to-day cybersecurity operations.

When business and security leaders work closely together, the results improve. Neither group can work effectively without the input of the other, so it's important to avoid silo-based approaches.