Home Books Book review: The Five Anchors of Cyber Resilience by Phillimon Zongo

As the title suggests, The Five Anchors of Cyber Resilience attempts to describe cyber threats, and more importantly corporate responses to them, within a framework of "Five Anchors."

The author, Phil Zongo is Zimbabwean-born, but now resident in Australia. He is a well-regarded cyber security expert, strategic adviser and author.

He has been widely published in a variety of journals and has received numerous awards from ISACA and other professional bodies. In the past 14 years, Zongo has consulted widely with major corporations to assist with their cybersecurity strategies. This is his first book.

The book is meant to be a guide for cyber resilience, aimed at corporate senior executives.

As Zongo explains in the book, a cyber-resilient enterprise will:

  • build a cyber-security strategy centred on high-value assets;
  • put people at the centre of cybers ecurity strategies;
  • bake cyber security into innovative programs;
  • implement a risk-based assurance program over suppliers; and
  • create highly effective, lean and efficient governance structures.

Perhaps Zongo's five anchors are somewhat "motherhood" in their scope, but he provides plenty of examples showing intrusions that would have been defeated if these anchors had been properly implemented.

The five main chapters of the book address the anchors and offer plenty of background and description along with what can go wrong. There is also useful guidance on an extensive implementation of each anchor.

The book's introduction addresses a brief history of cyber crime and very clearly explains how a total defeat of such a scourge is essentially impossible, instead it is important to assess and prioritise, and to be smarter about applying limited resources to the problem. While reading this section, I was reminded time and again of the quote attributed to one of the IRA leaders in reference to the late Margaret Thatcher during "The Troubles". He said, "You have to be lucky all the time, we only have to be lucky once."

It is within this context that Zongo stresses the need to manage a corporation's resources to identify the most important assets (anchor 1); to ensure the entire company is on-board (anchor 2); to seek innovative solutions to current problems, including IoT, Cloud, Blockchain etc. (anchor 3); to recognise that suppliers are a major intrusion channel and to protect that path (anchor 4) and to improve governance structures to remove turf wars and to optimise comprehension at the highest levels of an organisation (anchor 5).

Within the context of anchor 5, Zongo also notes that very few boards have members with cyber skills and worse, the information being passed to them from the C-suite, and below, is either obfuscating, unintelligible or 'baffling them with bulls**t' (as the vernacular goes).

The book is suitable for lay readers as it doesn't delve too deeply into technical language. It is strongly recommended as mandatory reading for any senior corporate manager or board member to assist in an understanding of the broader issues and also to frame the questions to be asked (of the experts within the organisation) and the problems that need to be addressed.

It will also give management a framework for optimising the use of their resources. "Five Anchors" should also be mandatory reading for CISOs to better prepare them for potentially difficult discussions that will be instigated by board members who have take the time to read and digest this book!

Of course no book, this one included, is capable of giving specific advice for an individual organisation, however there is plenty here to cause thought and reflection; and hopefully will lead to greater cyber-resilience. Recommended.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARE

Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.

DOWNLOAD NOW!

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect