The first thing business gets wrong in understanding cybersecurity is assessing the value of the information it holds.
Businesses need to know the information they are trying to protect. Is it information about the business that would be shared via marketing? Information that is commercial in confidence? Or does it have a high security risk, such as defence information, intellectual property for a new drug or customer’s financial information?
It’s important to know the difference, says Craig Horne, chairman of the Australian Computer Society in Victoria, who is also completing his PhD in information security strategy in organisations.
Another aspect to cybersecurity is having the right people, hardware and software to manage risks. Companies could be doing better by sharing information on known threats and employing people with real world skills, rather than just “STEM” (science, technology, engineering and maths) graduates, to tackle future risks.