For the Business, Not the Badge: A Guide on Whom to Trust for Cyber Advice

An estimated 22% of businesses experienced cybercrime in the last 12 months, rising to 45% of medium businesses and 58% of large businesses (GOV.UK, 2024). Cyber security is therefore a board-level concern for any business, regardless of size or industry, not a problem reserved for large enterprises.

While some companies are fortunate enough to have dedicated internal cyber security teams, many do not. But regardless of whether you are the sole cyber security expert, or part of a team of hundreds, the question remains: who should you trust for cyber advice?


The Challenge of Finding Trustworthy Cyber Advice

Navigating the cyber security landscape can be daunting. Financial directors and IT/InfoSec teams often find themselves overwhelmed by a plethora of standards, frameworks, and regulations and the need to wear many hats, all at once.

From GDPR to PCI DSS, knowing which guidelines to prioritise for your specific organisation’s needs and how to implement them can be a challenge. It can also be overwhelming to determine what’s reliable, sensible advice that you should follow, and what’s just marketing noise from vendors and consultancies.

Trusted resources like the National Cyber Security Centre (NCSC) offer valuable information and guidance. However, navigating this information alone can be tricky. It’s crucial for you to determine whether the advice is applicable to your role and goals. Before diving into research, you should clearly define your company’s needs, budget, industry specifics, and capacity.

Each business has unique cyber security needs. A tailored strategy, based on your specific requirements and industry standards, is essential. Experienced consultancies, like Cyro Cyber, can help you develop a customised approach that aligns with your business objectives, ensuring you invest wisely and save money where possible.

Understanding the Benefits of Following a Standard

Start by understanding the origins and objectives of the various cyber security standards. Each was developed to address specific risks and to provide a framework for managing them consistently. For example, ISO 27001 sets out requirements for an information security management system (ISMS) so that an organisation manages its information security risks systematically rather than ad hoc. Understanding the purpose behind a standard lets a business judge its relevance and use it to streamline its own strategy rather than bolting it on afterwards.

Standards and frameworks exist to provide a structured approach to cyber security, helping organisations safeguard their information assets. They are designed to:

  • Enhance Security Posture: By following established, tested controls, companies reduce their exposure to common attacks and avoid reinventing the basics.

  • Meet Compliance Obligations: Some obligations are legal, such as GDPR (and UK GDPR) for the protection of personal data; others are contractual, such as PCI DSS, which card brands and acquiring banks require of any organisation that stores, processes or transmits cardholder data. Neither is optional, and non-compliance can lead to hefty fines or loss of the ability to take card payments.

  • Build Trust: Following recognised standards can enhance a company's reputation, showing customers and partners that it takes cyber security seriously and giving them a recognised benchmark to assess it against.

What’s Relevant to Your Business?

Marketing noise may try to convince you that you need a bit of everything to make your business secure, but remember, not all standards are relevant to every business. This is why it’s important to do your research or speak to a trusted advisor, as it’s essential to assess which frameworks apply to your specific industry and organisational needs. For instance:

  • GDPR is critical for any business that processes the personal data of individuals in the EU (and UK GDPR for individuals in the UK), wherever the business itself is based.

  • PCI DSS is mandatory for any business that stores, processes or transmits payment card data, and the scope of the assessment depends on how much of that data the business actually handles.

  • ISO 27001 provides a comprehensive framework for information security management, but formal certification may not be a sensible investment for smaller businesses with limited data handling, even though many of its controls are still worth adopting.

Rather than aiming to adopt every standard for the sake of compliance, you should focus on implementing the basics well. Start with measures that directly benefit your business operations and security posture, rather than chasing certifications. If this is something you are struggling with, the Cyro Cyber team are on standby to help. We can work with you to understand what currently exists in your business and what your goals and priorities are, working with you from the boardroom to the command line.

Conclusion

Finding trustworthy cyber advice is a crucial step in securing your business. By understanding the benefits of standards, focusing on relevant guidelines, optimising existing resources, and choosing the right consultancy, businesses can navigate the complex cyber security landscape effectively.

Cyber security should never be about competing with others. Instead, aim to be as secure as possible within the parameters that you set, in line with what makes sense for your business. Your ultimate goal is to protect your business and its assets, not to outdo competitors. Success should always be measured by your organisation’s ability to prevent incidents and protect sensitive information - not by comparing yourself to others.

 ______________________________________________________________________________________________________________________________

Author: James Wood, Practice Director, Cyber Security Consulting - Cyro Cyber  

Cyro's decades of combined experience can help you understand, implement and test the controls needed to satisfy regulators, while keeping sight of the real goal: protecting your data and avoiding the fines and reputational damage that follow a breach.

Drop us a line to discuss your cyber challenges: james@cyro.uk
