There are lots of basic, cybersecurity hygiene rules. Strong authentication, proper cybersecurity training, and patching software are good guidelines that everyone should follow. When you dig into the nuances of effective security, though, it quickly becomes apparent that one size doesn’t fit all.
Cybersecurity threats create business risk, and the National Association of Corporate Directors handbook on cyber-risk oversight boils down the management of those risks to basic questions. These include what an organization’s most important assets are, what kinds of threat actors are likely to come after them, and what the legal and disclosure implications are if the attackers succeed.
Such questions might seem very basic, but the answers will differ across industries based on sector-specific priorities. Those responsible for keeping supplies moving, such as upstream oil and gas companies, are primarily concerned with availability. Downtime and service disruption is their biggest fear. Conversely, companies that safeguard sensitive information, from news organizations to defence contractors and legal firms, focus more on confidentiality. Some organizations grapple with…