Fought a forest fire into the night many years ago. There were three of us.
We carried water in backpack pumps. The fire burned underground. Fire would appear
and we would rush over and extinguish it. By the time we replenished the packs,
fire appeared elsewhere in woods. The process was exhausting. The packs were heavy
and there were times I worried the fire would get out of control. We eventually
put out the fire and felt a feeling of accomplishment. It was a long night.
There are analogies between that night of fire and cybersecurity. We were understaffed and did not have appropriate tools. The threat was hidden and we had to find it. We could not afford to lose.
Leaders please take notice. Hostile nation states, criminal enterprises and insider threat will not provide courtesy. It's necessary to identify and mitigate cybersecurity risk, to have appropriate safeguards in place. Start by designating a cybersecurity leader and establish a program aligned to a control framework.
If you're uncertain of current state and exposure, commission a cybersecurity assessment. Provide resources to mitigate risk with a sense of urgency.
It obviously gets more complex than that. Available for a call if you want to discuss.