Lessons learned from 2023

As we hit the end of the year, our committee members here at the CISSF reflected upon 2022 and our top lessons learned.
We hope everyone has a wonderful New Years, a prosperous 2024 and we look forward to seeing you all at our events next year!

In what feels like the blink of an eye, another year has passed, full of both breaches and hopefully progress in the world of cyber security. New Year’s is both a time to refresh and plan for the year ahead, but also to reflect upon the previous year, both positive and negative. Committee members here at the Channel Islands Information Security Forum looked back at 2023 and our top lessons learned:

The value of conferences and networking.

Cyber conferences are as useful as you make them. We all go to conferences and trade shows from time to time, and often get minimal value from them. But if you plan properly whom you're going to visit and what presentations you're going to attend, and you'll be amazed at the value you get. And don't think for a moment that you have to be some mega industry guru to be asked to present: if you have a good idea for a presentation, or you think you have the knowledge to be part of a panel discussion, offer your services and you may well be asked to join in. And it's tremendous fun doing so.

Supply chain security is not going away any time soon.

2023 has seen an increasing focus for many businesses upon supply chain security. This scrutiny is generally driven by regulatory, legal and or compliance requirements, but we’ve also seen several breaches and incidents introduced through supply chains that directly raises the importance of managing your supplier chain correctly. The impact of this scrutiny can be seen on a regular basis for those businesses in the middle of supply chains, with increasing questionnaire, risk assessments and audits becoming more and more common. Questions are more regularly being raised as to the sustainability of such scrutiny, which seems to be creating an industry. There are many potential solutions, but one thing is sure – this scrutiny is not going away in 2024 and is likely to increase.

Cyber security is a team sport.

The successful implementation of cyber security strategy often hinges on correct culture within a business. Cyber security leaders are not the cure to cyber security woes alone, having an isolated security team will generally lead to problems with positive cyber security culture. To be successful our cyber security leaders must work with the wider business in a positive manner, ensuring risk is owned appropriately and subsequent decisions related to cyber security are more appropriately considered and not just seen as an issue outside of responsibility of the risk owner. Work with your wider business, including technical teams, include them in your journey to improve cyber security posture, from strategic planning all the way to incident response.

--

With that, all of the committee members here at the Channel Islands Information Security Forum wish you all a Happy New Year and look forward to hosting more events through 2024!