Best cyber security measures: Focus on what could kill you first

Firewalls, multi-factor authentication, network segmentation, digital signatures… Does your organisation need to use all common cyber security measures? And if not, how can you identify the right ones? 

Since every company generates revenue differently, their risk profiles and ideal cyber security measures are unique. You need to identify which specific cyber security measures will work best for your business and industry. Of course, there’s more to it. 

Hear from Maximilian Faggion, DataGuard's Squad Lead of Global Corporate Information Security, why being selective about your cyber security measures and focusing on what could kill you first is good business. 

This article covers:


 

What are cyber security measures?

Cyber security measures are actions you take to protect digital assets in your organisation. Just like information security, cyber security aims to maintain data confidentiality, integrity, and availability, known as the CIA triad. Robust cyber security helps your organisation prevent unauthorised access and minimise risks.

 

What are some examples of common cyber security measures?

Some of the most common cyber security measures include implementing antivirus software, setting up firewalls, creating strong passwords, employing two-factor authentication, encrypting data, backing up data, securing networks, and regularly updating systems, among others.

Plenty of sources reference the most common cyber security measures, risks, vulnerabilities, and threats. However, what measures work for some might not be what your organisation needs to optimise protection. Each company has specific risks and, therefore, specific measures to tackle them.

According to Gartner, by 2027, 75% of employees will acquire, modify, or create technology outside IT’s visibility—up from 41% in 2022. This is a whopping number and yet another cyber security trend pushing IT leaders to explore new, better ways to strengthen their cyber security.

 

Why a selective approach to cyber security is good for your business

Every company makes money differently, which means they face different threats, which implies different protection methods. And the more unique your USP, the more unique your cyber security threats and measures.

Each business has its own digital fingerprint—what's risky for one might be irrelevant to another. This reality demands a strategy that zeroes in on protecting the heart of your business: the key elements that drive revenue. 

Deep dive into your data and analyse how it flows in your organisation. Whether it's customer information, proprietary technology, or operational data, understanding what you have and how it's used is the first step in recognising where your value sits.

 

Once you've mapped out your critical data and processes, the next logical step is to think about how these could potentially be attacked. Some cyber threats might aim directly at stealing your data, while others might seek to disrupt your operations. By anticipating these threats, you can develop a more informed and focused approach to cyber security.

Cyber security shouldn’t be seen as one-size-fits-all. Know where you stand to lose the most and shield that spot – focus on what could kill you first. Your most pressing cyber security measures will stem from here. So, your company's cyber security measures must be as specialised and unique as your business.

 

How cyber security measures vary across industries

Phishing is one of the most talked-about cyber threats. But if we take, for example, automotive companies, their real concern isn’t a phishing email. Car manufacturers prioritise protecting the innovative tech that powers their products or keeps their supply chains secure to ensure availability. Let’s see how cyber security measures vary across industries.

Cyber security measures in manufacturing

We talked about automotive and its focus on cyber security measures that ensure availability. The need to protect operational technology (OT) from cyber threats is key in manufacturing. OT is frequently targeted by unique malware that aims to disrupt production.

Seeking better efficiency, companies often merge their OT and IT systems, which means they lose the "air gap"—an offline gap that keeps the two systems separate and is more challenging for hackers to reach. The increasing connection makes them more prone to attacks.

Network segmentation, real-time monitoring, patch management, and intrusion detection systems (IDS) may be some of the cyber security measures that production companies can take to protect their operations.

Cyber security measures in logistics

If we take logistics companies, many use telemetry to facilitate communication between IoT devices. The technology helps drivers know exactly where and when to go by providing live updates.

 

Yet, should this technology be compromised, it could disrupt the timely delivery of critical supplies such as pharmaceuticals and food, where every minute is essential. So, for logistics companies, data encryption and regular IoT device updates will be one of the primary cyber security measures.

Cyber security measures in professional services

Professional services (PS) companies, such as consulting firms, deal with large amounts of sensitive client data. For example, a PS company may run a platform their clients use daily. Therefore, confidentiality is a top concern when setting up robust cyber security.

This calls for robust application security measures, including web application firewalls and endpoint detection response systems, to detect and respond to malicious activity. Here, phishing is one of the most dangerous threats, pushing employee awareness training to the top of the list of cyber security measures.

 

How cyber security measures change as your business develops

Let’s say you’re a medical gear manufacturer transitioning into MedTech. You’ve long been in the business of crafting equipment, such as surgical tools, for hospitals. Now, your company is entering the world of smart systems for patient data management.

You may have had a little more cyber security leniency when you were a manufacturer, but now you’re faced with securing highly sensitive patient data and must take appropriate measures. As your business changes, so do the measures you need to take to ensure cyber security.

In another scenario, you might be venturing into new markets. If your security posture was not ideal before this, it could lead to real problems because you have not adapted to specific risks and risk management procedures in your organisation. Now, you’re bracing for even more challenges.

 

How do you pick the right cyber security measures for your organisation?

If “the best” or “the most common” measures are not the best way to strengthen your cyber security, how do you pick the right ones for your business? Start with your context.

Start with context

As you work on understanding your business context, the questions to answer are: How does your business operate? What do you need to secure first? Where would it hurt the most should a cyberattack strike?

As noted in the ISO 27001 standard, first assess your organisation's context by outlining its critical business functions, processes and assets.

Run a risk assessment

Once you know what’s most important to keep your operations or data secure, identify and assess the most pressing risks to these critical areas of your business. By aligning cyber security efforts with your business's specific needs, you can better protect your operations and assets.

Get a platform to oversee your assets and risks

Creating that context and assessing assets and risks can be much easier if you have a platform to manage everything in one. Look for a system that could accommodate any information or cyber security needs to pick the right protection measures. Next to this, seek out expert help to guide your way.

DataGuard can help you identify what to protect first. You can check out our information-as-a-service solution or reach out for a chat.

 

 

 

Frequently Asked Questions

What exactly does cyber security do?

Cyber security protects digital assets such as computers, networks, programs, and data from unauthorised access, attacks, or damage. It uses technology, processes, and practices to safeguard against cyber threats and ensure the integrity, confidentiality, and availability of information.

What is the difference between information security and cyber security?

Information security and cyber security are often used interchangeably. While this isn’t entirely wrong, information security is the broader term of the two, as it encompasses cyber security. Information security covers all efforts to protect digital and non-digital information from unauthorised access, exposure, or destruction. Cyber security focuses explicitly on protecting electronic data and the systems and networks that use or store this data from digital attacks or cyber threats.

What is cyber security measurement?

Cyber security measurement helps define the effectiveness of your online security. It can involve tracking the number of hacking attempts blocked, how quickly threats are dealt with, and the performance of security measures. This helps identify your cyber security strengths and weaknesses.

What is cyber security management?

Cyber security management is guiding and controlling how an organisation protects its digital information and assets from cyber threats. It includes setting up policies, using security tech, keeping an eye on systems for dodgy activity, and dealing with security incidents.

What are cyber security risks?

Cyber security risks are potential threats that could exploit vulnerabilities in your organisation's digital systems, leading to data breaches, information theft, or damage to digital assets. These risks include malware attacks, phishing scams, hacking attempts, and insider threats, among many others.

About the author

Maximilian Faggion Maximilian Faggion
Maximilian Faggion

Maximilian Faggion is DataGuard's Squad Lead of Global Corporate Information Security. With over 15 years in cybersecurity, he has led and executed security strategies at top Swiss institutions. Maximilian’s roles included SOC & CSIRT Lead and Head of Cyber Security, blending hands-on technical expertise with leadership in security management. He’s also a contributing member and mentor in three of the largest and most important institutes for information and cybersecurity: ISACA, EC-Council and the FAIR Institute.

Explore more articles

Contact Sales

See what DataGuard can do for you.

Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.

  • 100% success in ISO 27001 audits to date 
  • 40% total cost of ownership (TCO) reduction
  • A scalable easy-to-use web-based platform
  • Actionable business advice from in-house experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • External data protection officer
  • Audit of your privacy status-quo
  • Ongoing GDPR support from a industry experts
  • Automate repetitive privacy tasks
  • Priority support during breaches and emergencies
  • Get a defensible GDPR position - fast!

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Continuous support on your journey towards the certifications on ISO 27001 and TISAX®️, as well as NIS2 Compliance.
  • Benefit from 1:1 consulting
  • Set up an easy-to-use ISMS with our Info-Sec platform
  • Automatically generate mandatory policies
Certified-Icon

100% success in ISO 27001 audits to date

 

 

TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Proactive support
  • Create essential documents and policies
  • Staff compliance training
  • Advice from industry experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Comply with the EU Whistleblowing Directive
  • Centralised digital whistleblowing system
  • Fast implementation
  • Guidance from compliance experts
  • Transparent reporting

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Let's talk