Suited man holding a tablet with a lock graphic spiraling

Cyber Progression: Developing a Focused Approach

Cyber Progression: Developing a Focused Approach

4 Minute Read

Strategy and focus are critical for an effective cyber security program. MNP’s Jason Murray explains the role business leaders play in driving a business-oriented approach.

In the most basic sense, cyber security is the practice of protecting information on interconnected computers. Yet it’s easy for organizations to become overwhelmed by the technical minutiae. Usually this happens when they get bogged down in the seemingly random ‘stuff’ they think their cyber security program requires and stuck in a ‘stop all bad things at all costs mentality’.

The problem is almost always a disproportionate emphasis on tactics over strategy. We often hear comments like, “that’s what we’ve always done”, “a vendor recommended it” or, “we heard it was best practice.” And when that crops up, it almost always underscores a lack of context.

While it’s true that implementing and overseeing an effective cyber security program requires specialization and expertise – organizational leaders can still play a pivotal role in steering the direction, goals and culture. In most cases that simply requires stepping back and embracing a shift in perspective.

Controls Focus

Whether they’re worried about compliance, trying to meet regulatory obligations or simply don’t know any different, this is the ‘stuff’ that most leaders find themselves caught up in.

It’s also what’s likely to come to mind when most early-stage organizations think of cyber security.

Controls are the policies, procedures, hardware and software intended to protect an organization against potential threats. They’re useful for detecting incidents, responding to incidents and recovering from breaches. They’re certainly important. But what they don’t reveal is precisely what each control is doing, how it’s protecting the business and how well it’s functioning.

Threats Focus

If there’s one focus to view cyber security through, this would be the most useful. When you understand your threats, the vulnerabilities in your environment and the risk that results, it’s significantly easier to take a calculated approach to protecting your information.

Sometimes a specific control, such as a firewall, is the best way to offset a threat. But in this case, the organization can leverage that control in a calculated and common-sense manner. They know what the limits of the control are, what threats it will and won’t help against.

Process Focus

Cyber security is fluid. New threats emerge all the time. The functionality and effectiveness of existing controls wanes over time. Behaviours shift. A process focus embraces a culture of constant improvement and drives toward program maturity.

Some process-driven questions include: Do existing controls function as intended? Do organizational processes and procedures effectively support the control? What has changed in the business or risk environment to shift our threat exposure?

A Balanced Approach

A business-oriented cyber security program requires the right mix of all three focuses. The goal of leadership is to move the company from any one section of the Venn diagram above toward the middle.

There will be times when the organization needs to shift in one direction or another (i.e. heavy controls focus to achieve compliance in a narrow timeframe). But when an organization is aware of their focus at any given time, it’s easier to recognize the skew and emphasize a threat or process focus to bring things back into balance.


  • February 26, 2024

    Protecting yourself against fraud is a matter of good business practice

    It’s difficult to keep up with all the products and services required to defend against fraud. But security solutions all have one thing in common. When it comes to safeguarding your company, good business practices will always be your best protection.

  • February 29, 2024

    What’s next for businesses now that CDAP has ended?

    The federal government has announced that the Boost Your Business Technology grant is fully subscribed and will no longer accept new applications. MNP Digital remains committed to supporting Canadian small businesses with their digital transformation goals.

  • Performance

    2024 Nova Scotia Budget Highlights

    View a summary of MNP’s highlights from the 2024 Nova Scotia Budget.