This is a great topic for a BIG PICTURE® conversation as a term that is for some beyond full comprehension and therefore difficult to understand the impacts on the organisation. We break this down in a disarming and accessable way as we did in this simulation of a conversation you could be having in your team. When you do maybe you’ll find the same as we did in this discussion. That is whilst the term ‘Cyber Security’ suggests a more technical slant we actually focused on the human element throughout. This is evident by the use of the Team and Customer Symbols rather than Technology. What does this mean for your organisation and the voices in the room when you work things through. If you’re as surprised as we were as to the dialogue the maybe you’re missing a trick with regard to the Challenges and Opportunities that surround this already massive and growing problem when systems and people collide!
We defined some terms, always a big part of a BIG PICTURE® conversation when offering a level playing field so for instance don’t assume people know what ‘spearfishing’ is. In doing so you’re getting everyone on the same page.
The structure followed, without directing, a risk management type structure looking first at the impact of an attach being successful. Finance Lead Hywel Griffiths putting some numbers to the different kinds of attacks and results of non-compliance. We then focused in on the liklihood of an attack being successful so in the different parts of the organisation, some often a blindspot, using the BIG PICTURE® Board. The Symbols help us, not only spot the people vs. tech balance, but if we had more time how Cyber Security relates to Measures and Process.
We Board helped us contextualise the segregation of duties that are helpful providing the checks and balance to reduce the risk of breaches happening. It also identified an apparent difference in the mindset and predication of certain areas of the organisation that may be more, say Sales, and less, say Accounts, to the kinds of behaviour that result in breaches. Knowing this will not only lead to a healthy conversation but also provide a focus to the training and remedial action in response to the threats.