Skip to main content

KYX

 KYX is the Key to Your Organisation’s Cybersecurity.

TIP 1. KNOW YOUR CUSTOMERS (KYC)

Understanding your customers’ business is key to building your organisation’s cybersecurity. Key considerations include: how they transact with you, whether online or offline, how you store their data and financial transactions, and if they share their PII (Personally Identifiable Information).

TIP 2. KNOW YOUR BUSINESS (KYB)

If you are a legacy organisation transitioning to digital processes, it is important to understand how you conducted business before computerisation and how you operate now. Have you fully embraced digital technologies, or are you just starting your journey? Do you have a website that serves as the primary point of interaction with your customers?

If so, do they share their data with you online, and if they do, how do you handle it? Is the communication channel between you and your customers fully secured? Finally, are you required to meet regulatory compliance? These are all questions you should consider to stay compliant and keep your customers’ data safe.

TIP 3. KNOW YOUR INFRASTRUCTURE (KYI)

Your infrastructure has five important elements: Network, Users, Data, Applications, and Cloud. You need to consider how you operate, whether at your premises, remote, or mobile. You should also think about how your users connect to your corporate applications. Can you identify from where they are accessing your network? Are they using corporate- owned equipment? Are the endpoints secured to handle corporate communications? If you have developed the applications, have you followed the standard secure coding practices?

TIP 4. KNOW YOUR USERS (KYU)

Effective cybersecurity measures depend on user behaviour. Those who neglect cybersecurity hygiene become the weakest link in an organisation. Educate, enable, empower, and repeat.

TIP 5. KNOW YOUR ROLE (KYR)

The designations of CISO, CIO, CTO, and CDO come with great responsibility. Even a single data breach can lead to severe consequences and put the blame on you. Therefore, it’s crucial to know your role, authority, powers, and responsibilities in the organisation. You should document what you can and cannot do, as well as what you are responsible for and not responsible for. It’s also essential to document any observations you make and communicate them to all stakeholders. This way, you can address any issues before they escalate and avoid negative repercussions.

TIP 6. KNOW YOUR VENDORS (KYV)

Original Equipment Manufacturers (OEMs) are responsible for developing modern cybersecurity technologies. Are they present in your country? Do they have a Technical Assistance Centre (TAC) and provide Return Merchandise Authorization (RMA)? Do they offer 24x7 support? Is the product stable and safe to install in your system? Are they committed to the locations where your operations are based? Is the product reaching its End-of-Life (EOL) or End-of- Sale (EOS)? Do they make commitments on the data sheet that they are unable to deliver? Do they have a long-term roadmap for this product line? Do they offer an integrated solution or just individual components?

TIP 7. KNOW YOUR PARTNER (KYP)

Whether you call them a partner, reseller, or system integrator, they are the link between you and the original equipment manufacturers (OEMs)! How do you assess their level of expertise? Do they have the necessary skills and experience to handle your project? How long have they been in the industry, and how stable is their organisation? Are they authorised to sell the products they offer, and do they have certified and trained staff? Will they be there for you when things go wrong? It’s also important to understand their organisational structure and have a clear escalation matrix in place.

TIP 8. KNOW YOUR JOURNEY (KYJ)

If you have an unlimited budget, you might be tempted to bring in the best-of-breed solutions and pay heavily for them. However, if these components do not talk to each other, there will be no integrated management in place. This means you won’t be able to understand what is happening in your organisation. Building a cybersecurity system is like constructing a house; each component needs to be synchronised, like the workings of an orchestra. If you ignore security, the digital journey becomes challenging.

TIP 9. KNOW YOUR FINANCES (KYF)

Budget and constraints are closely related. Out-of-turn investment requests after a breach may put a strain on your finances. It’s important to anticipate these requirements and plan for them in advance. CFOs are always looking for ways to optimise costs and often target the Information Technology (IT ) department. However, it can be challenging to explain the need for security tools like SIEM or SOAR to CFOs who may not be familiar with cybersecurity terminology. It’s important to avoid using scare tactics like FUD (Fear-Uncertainty-Doubt) when presenting to top management, as this can lead to either unnecessary fear or dismissal of the issue. Instead, focus on presenting the information in a clear and understandable manner.

TIP 10. KNOW YOUR ACRONYMS (KYA)

PCMCIA - People Can’t Memorize Computer Industry Acronyms! Just kidding! Often, vendors use acronyms while communicating. You should stop them if you don’t understand them. IP and IP may represent two different things. One stands for ‘Intellectual Property,’ and the other stands for ‘Internet Protocol.’ If you are unsure about an acronym, don’t hesitate to ask for an explanation. It’s your right to ask and their duty to explain! Making assumptions can lead to wrong decisions. Sometimes, a conversation can be filled with acronyms for 30 minutes, and you may not understand any of them. You don’t need to know all the acronyms or technologies, but it’s your role as a guardian to ensure you understand what’s happening in your company. That’s important!

Bonus Tip#: Know Your Opponent (KYO)

Knowing your adversaries is the name of the game. Is it your competition who wants to hurt your business? Or somebody from across the border! Are you an innocent bystander getting caught between the cross-fire of two other contenders? Were you the actual target? Are they trying to hack your website? Or they want to extract information about your customers? Or users acting from inside, or are they after your IP (Intellectual Property)?

~ Mohan Madwachar

Read it on: https://belmontbec.com/wp-content/uploads/2024/06/1001-cyber-security-Tips-Mohan-Madwachar.pdf

Comments

Popular posts from this blog

Are you FAST enough for SAST & DAST?

Banking and Financial Sector companies have come a long way from the conventional banking system to modern means of providing various services to the customers at their finger trips. Long days of wait for cheque clearances, long queues at tellers and the rate of which each transaction used to occur is long gone. Now you have Internet Banking System, Mobile Banking System, and Interactive Video Customer Services. Opening of bank accounts through tablets right from the customer’s home, online transactions through NEFT (National Electronic Fund Transfer), RTGS (Real Time Gross Settlement), IMPS (Immediate Payment Service), payment wallets and several such new features have modernized and simplified banking activities. Technology brings fantastic benefits. However, the IT teams of these financial sector organizations who are into modernization face tremendous challenges. On the customer front, they need to ensure intuitive, colourful and easy to use customer interfaces that ensure t...

Make way for SDP

My grandfather often used to recollect his father’s advice: Never buy lands beyond what your eyes can see! Obviously, beyond your direct vision of your lands, nobody knows who is utilizing them, and how. Drawing the analogy to the modern-day Network Managers, you can’t manage the network you can’t see. Modern day networks are large and complex with disparate systems, security and monitoring tools. Often, these tools are purchased and deployed to address one immediate requirement with no deep-down thinking or long term thought process. Network managers are left with so many stove-pipe solutions and many places to look at when it comes to troubleshooting. Compliance to various security agencies and government requirements mean more and more security tools. Put together can these tools are able to still leave them with a good night’s sleep is still a question. Network Visibility is becoming a key discussion point in all IT discussions. How much you know about your network and how...

New Stock Market Fraud Alert!

  Let me share the latest stock market fraud going around the country. The terms you will be hearing are: Institutional Trading Block Deals AI Algorithms, and Confirmed IPO allocations Modus Operandi You will be searching for some Stock Market resources on the Social Media Websites Advertisement lures you with 10x to 30x returns Invitation comes to join a WhatsApp or Telegram Group You will find several people posting their trade screenshots Each one of these screenshots shows 30%-50% gains An 'expert' will help you with formalities to open an account You have to invest anything from 1 - 10 lakhs (1 million) You will deposit the money into various bank accounts (why?) as advised by the expert You will get an advice to ' buy ' a stock when they say You will get an advice to ' sell ' a stock when they say You can't sell a stock whenever you want. The sell button is disabled. First few days, you will be getting 20-30% returns You are then pushed by the a...