Monday, 08 October 2018 08:25

Book review: The Five Anchors of Cyber Resilience by Phillimon Zongo

By

As the title suggests, The Five Anchors of Cyber Resilience attempts to describe cyber threats, and more importantly corporate responses to them, within a framework of "Five Anchors."

The author, Phil Zongo is Zimbabwean-born, but now resident in Australia. He is a well-regarded cyber security expert, strategic adviser and author.

He has been widely published in a variety of journals and has received numerous awards from ISACA and other professional bodies. In the past 14 years, Zongo has consulted widely with major corporations to assist with their cybersecurity strategies. This is his first book.

The book is meant to be a guide for cyber resilience, aimed at corporate senior executives.

As Zongo explains in the book, a cyber-resilient enterprise will:

  • build a cyber-security strategy centred on high-value assets;
  • put people at the centre of cybers ecurity strategies;
  • bake cyber security into innovative programs;
  • implement a risk-based assurance program over suppliers; and
  • create highly effective, lean and efficient governance structures.

Perhaps Zongo's five anchors are somewhat "motherhood" in their scope, but he provides plenty of examples showing intrusions that would have been defeated if these anchors had been properly implemented.

The five main chapters of the book address the anchors and offer plenty of background and description along with what can go wrong. There is also useful guidance on an extensive implementation of each anchor.

The book's introduction addresses a brief history of cyber crime and very clearly explains how a total defeat of such a scourge is essentially impossible, instead it is important to assess and prioritise, and to be smarter about applying limited resources to the problem. While reading this section, I was reminded time and again of the quote attributed to one of the IRA leaders in reference to the late Margaret Thatcher during "The Troubles". He said, "You have to be lucky all the time, we only have to be lucky once."

It is within this context that Zongo stresses the need to manage a corporation's resources to identify the most important assets (anchor 1); to ensure the entire company is on-board (anchor 2); to seek innovative solutions to current problems, including IoT, Cloud, Blockchain etc. (anchor 3); to recognise that suppliers are a major intrusion channel and to protect that path (anchor 4) and to improve governance structures to remove turf wars and to optimise comprehension at the highest levels of an organisation (anchor 5).

Within the context of anchor 5, Zongo also notes that very few boards have members with cyber skills and worse, the information being passed to them from the C-suite, and below, is either obfuscating, unintelligible or 'baffling them with bulls**t' (as the vernacular goes).

The book is suitable for lay readers as it doesn't delve too deeply into technical language. It is strongly recommended as mandatory reading for any senior corporate manager or board member to assist in an understanding of the broader issues and also to frame the questions to be asked (of the experts within the organisation) and the problems that need to be addressed.

It will also give management a framework for optimising the use of their resources. "Five Anchors" should also be mandatory reading for CISOs to better prepare them for potentially difficult discussions that will be instigated by board members who have take the time to read and digest this book!

Of course no book, this one included, is capable of giving specific advice for an individual organisation, however there is plenty here to cause thought and reflection; and hopefully will lead to greater cyber-resilience. Recommended.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments