Cyber security is no longer a problem for the IT department; it is much bigger than that. Cyber security is for the board and the whole enterprise. Vulnerabilities that could impact a company’s bottom line have always been a board-level issue – cyber security is no different.
Boards need to understand both the risks and their role in combating them. Likewise, senior management must understand how they fit into the equation.
Education and training need to be provided to those whose role it is to defend the organisation – that is every user.
Remember, you probably have more touch points to the internet than you imagine, and a hacker can get just as lucky within an unprotected industrial control system as they can trying to break down the front door of your IT system. You need to ensure that both are protected and not one to the exclusion of all others. It is about both the ship and the head office.
Your first line of defence is your employees. Leadership must be able to demonstrate that it operates in accordance with good practice and that the appropriate documentation is maintained, up to date and available for review. Evidence of cyber enterprise risk management will be your best defence against regulatory investigation and penalty, but ultimately it will ensure your business is more resilient to cyber incidents and that the recovery will be faster and the business impact less. Cyber enterprise risk management is more than an IT challenge.
#reslienceandrecovery #Astaara #cyberinsurance #marinecyber #portscyber