Alert: Tracking exposed OT/ICS: 2017 – 2024

Ornamental dots. Two rows of three dots. The top row is a light blue. The bottom row is one light blue dot followed by two orange dots. Blog

Cyber This and Cyber That… Let’s Talk Business

Cyber Bob, Principal Security Engineer and CTO at Forescout | September 25, 2019

Twitter: @MeetCyberBob

Technology is accelerating business. Nowadays, a whole organization is built within a business just to support the rest of the teams, to streamline data input and output. This, then, should be accelerating the pace of business.

So now what happens? At the best of times, we have to deal with scheduled outage windows. At the worst of times, some emergency outage is needed to mitigate risk. Each outage impacts production. Yes, business is streamlined, processes are improved, but now the reliance on cyber is changing risk reporting.

Any outage potential now gets the attention of your board.

Are the issues at the data center? Sometimes. Mostly the issue sits out at the edge of your network. Things are changing so fast. The problems are on your factory floor, or your campus, with some managed endpoint that is not quite managed the way it should be… or cannot be managed through a central console… you get the picture.

So, let’s get to the point: what are you doing with cyber? How are you addressing cyber risk? Are you part of a “digitization” effort?  How does cyber hygiene within an IT asset management framework get improved to enhance risk assessment?

I am making an assumption here that you are reading this as a technologist. You are part of information technology… which means you are usually frustrated. Your customer is demanding. 27 ‘nines’ of uptime are not enough!

This comes down to a language issue. IT people talk cyber, packets, storage, files, registry settings, “conf” files, updates, blah blah blah… we are not talking business enough. We need to truly empathize with the actual business processes. What happens if this server goes down? How does that affect the business? Which areas? What are the costs? They could be financial, personnel or something else. If you are not correlating everything cyber with its true business value or cost, then you are not doing the right things for your organization, and your customer.

Talk with your customer and ask the tough questions.

Correlate your tasks to business benefits. Talk in the business’s language and use the terms your own internal customers are using.

They will start to incorporate your cyber language into their business language.

Then you’ll be able to move your initiative of IT risk assessment forward.

Demo Request Forescout Platform Top of Page