May 17, 2020

Eight key steps to creating an effective cyber security framework

Tim Bandos
4 min
An effective organisational security framework is an absolute necessity in today’s business environment, but all too often companies are falling short...

An effective organisational security framework is an absolute necessity in today’s business environment, but all too often companies are falling short, either through poor/rushed planning or failure to strike the right balance between technology and employee education. The answer lies in blending strategic security technology investments with regular employee training and awareness to create a comprehensive security net without compromising business productivity. This can be tricky without the right tools and knowledge, but below are eight key steps to follow when aiming to combine the best of both worlds:

1) Invest in the right security technology

In the current security climate, relying on employees to do the right thing in every situation is both unfair and unrealistic. Whilst overly restrictive or heavy handed security practices can hinder productivity, the right technology investments made in the right areas will have an overwhelmingly positive impact. Not only will it take the guesswork out of many security situations, but creating a technology based safety net will relieve pressure on employees, allowing them to go about their jobs without fear of recrimination.

2) Take a risk-based approach to employees

Not all employees are created equal when it comes to risk. It’s important to take the time to identify which employees, at every level of the business, represent the greatest risk to sensitive business data in the event of a security breach. For example, employees with network administrator credentials pose a far higher risk than those with local user access. Other employees may be the custodians of critical business IP, making them more of a target to cyber criminals. Determining where the most risk resides and tailoring defences accordingly is one of the highest priorities for any business looking to improve its cyber security.

See also:

3) Encourage and reward security conscious employee behaviour

Simply communicating security policy to employees and expecting them to adhere to it immediately is unlikely to work. Changing employee behaviour requires regular training as well as positive reinforcement. Incentivising employees to follow established protocols and rewarding those that do will go long way to enacting long-term behavioural change by helping them to form new habits that become instinctive over time.

4) Make security a cross-departmental initiative

Too many businesses place the burden of security solely at the feet of the IT department. In reality, a robust security framework requires buy-in from nearly every department if it is to be successful. The marketing department can even play a role in building a strong security brand within the company. Tapping into a group of individuals that knows how to position oneself, what reaches people, and how to measure it, can be enormously helpful with internal awareness.

5) Consider appointing internal security leaders

Depending on the size of a business it can also be helpful to appoint a group of internal leaders to further assist with security efforts. A group of knowledgeable individuals can streamline communications across the business, bring security issues to the table in a constructive manner and help to field security questions from employees in order to improve decision making and cut down on trivial mistakes.

6) Ensure frameworks are underpinned with clear policies

All effective security frameworks need to be underpinned by a clear written policy. Without a policy in place, it can sometimes be difficult to hold employees accountable for their actions. Creating a written policy immediately solves this issue whilst providing an initial reference point for anyone wishing to clarify company position on anything relating to cyber security.

7) Don’t reinvent the wheel

When it comes to IT security management frameworks, there are already numerous great guides out there. Not everything will be relevant to every business, but aligning with industry best practices will always create an excellent platform from which to move forward. Furthermore, the end result will likely be a far more comprehensive security framework than would otherwise be the case.

8) Don’t rush, these things take time

It can sometimes take years for a company to deploy a successful security awareness campaign, let alone master organisational security over the long-term. Too many businesses try to be tactical in their approach when what’s really needed is a long term strategic vision that’s built up over time. Focus on timelines of years, not weeks or months, and the chances of success will be much higher.

Achieving a robust cyber security framework can often feel like an uphill struggle, but all too often businesses are making fundamental mistakes that significantly hamper their efforts. Adhering to a series of logical steps such as those above will not only help businesses ensure they are covering all important aspects of cyber security, but that their efforts will enable long-term cultural change rather than resulting in a short-term fix that is soon forgotten again. 

Tim Bandos, Senior Director of Cybersecurity at Digital Guardian

Share article

Jul 30, 2021

IoT market expected to grow due to increase in IoT use cases

Internet of Things
market growth
Catherine Gray
3 min
The Internet of Things (IoT) service market is expected to grow at a rate of 24% through 2025 according to a report by The Business Research Company

An increase in the internet of things use cases is expected to drive the IoT service market, according to the IoT Services Global Market Report 2021: COVID-10 Growth and Change to 2030.

IoT has found its use in many areas over the years. It can be used in manufacturing, farming, smart cities, transportation and in many other industries and fields.

Due to the fact it can be utilised in many industries, there is an increased need for IoT services and applications. IoT services that provide support by delivering services such as consulting, data management, network management and security services, are in much higher demand.

The impact of COVID-19 on the IoT services market

According to the report, the global IoT services market is expected to grow from $139.24 billion in 2020 to $162.39 billion in 2021 at a compound annual growth rate (CAGR) of 16.6%.

In the coming years, the IoT managed services market size is expected to reach $381.16 billion in 2025 at a CAGR of 24%.

This growth lends itself to companies resuming operations and adapting to the new normal as we emerge and recover from the pandemic.

Previously, COVID-19 restrictions led to restrictive containment measures, remote working and the closure of commercial activities that resulted in operational challenges.

IoT use cases driving growth

The IoT services market consists of the sales of IoT services and their related products. IoT services are delivered by the IoT services providers. These providers provide consulting, security and analytics services as per the requirements of the business.

Major players in the IoT services industry are Cisco Systems, Cognizant, Google, Infosys and Tieto Corporation, to name a few.

An increase in IoT use cases is expected to drive the IoT service market; this is where IoT can be used to automate processes and increase productivity. As it has found many uses cases over the years, this increases the demand for IoT services and this is expected to drive growth.

Enhancing deployment workloads with edge or cloud computing

Despite the expected growth, low enterprise adoption is expected to hinder the IoT services market. Although IoT has its use in many industries, due to factors such as low awareness, enterprise adoption is low, the report states.

Only 29% of enterprises have adopted IoT solutions according to the Omida data survey.

Edge or cloud computing however is enhancing the deployment workload on IoT devices, according to the report. This solution facilitates data processing and data storage in the cloud.

Microsoft released its Azure IoT Edge recently. This fully managed service is built on Azure IoT Hub. By moving certain workloads to the edge of the network, businesses that utilise Microsoft’s IoT platform spend less time communicating with the cloud, react more quickly to local changes and operate reliably in extended offline periods. 

The IoT Services Global Market Report 2021: COVID-19 Growth and Change to 2030 is one of a series of new reports from The Business Research Company that provides an IoT services market overview

Share article