Suited man holding a tablet with a lock graphic spiraling

Cyber Progression: Developing a Focused Approach

Cyber Progression: Developing a Focused Approach

4 Minute Read

Strategy and focus are critical for an effective cyber security program. MNP’s Jason Murray explains the role business leaders play in driving a business-oriented approach.

In the most basic sense, cyber security is the practice of protecting information on interconnected computers. Yet it’s easy for organizations to become overwhelmed by the technical minutiae. Usually this happens when they get bogged down in the seemingly random ‘stuff’ they think their cyber security program requires and stuck in a ‘stop all bad things at all costs mentality’.

The problem is almost always a disproportionate emphasis on tactics over strategy. We often hear comments like, “that’s what we’ve always done”, “a vendor recommended it” or, “we heard it was best practice.” And when that crops up, it almost always underscores a lack of context.

While it’s true that implementing and overseeing an effective cyber security program requires specialization and expertise – organizational leaders can still play a pivotal role in steering the direction, goals and culture. In most cases that simply requires stepping back and embracing a shift in perspective.

Controls Focus

Whether they’re worried about compliance, trying to meet regulatory obligations or simply don’t know any different, this is the ‘stuff’ that most leaders find themselves caught up in.

It’s also what’s likely to come to mind when most early-stage organizations think of cyber security.

Controls are the policies, procedures, hardware and software intended to protect an organization against potential threats. They’re useful for detecting incidents, responding to incidents and recovering from breaches. They’re certainly important. But what they don’t reveal is precisely what each control is doing, how it’s protecting the business and how well it’s functioning.

Threats Focus

If there’s one focus to view cyber security through, this would be the most useful. When you understand your threats, the vulnerabilities in your environment and the risk that results, it’s significantly easier to take a calculated approach to protecting your information.

Sometimes a specific control, such as a firewall, is the best way to offset a threat. But in this case, the organization can leverage that control in a calculated and common-sense manner. They know what the limits of the control are, what threats it will and won’t help against.

Process Focus

Cyber security is fluid. New threats emerge all the time. The functionality and effectiveness of existing controls wanes over time. Behaviours shift. A process focus embraces a culture of constant improvement and drives toward program maturity.

Some process-driven questions include: Do existing controls function as intended? Do organizational processes and procedures effectively support the control? What has changed in the business or risk environment to shift our threat exposure?

A Balanced Approach

A business-oriented cyber security program requires the right mix of all three focuses. The goal of leadership is to move the company from any one section of the Venn diagram above toward the middle.

There will be times when the organization needs to shift in one direction or another (i.e. heavy controls focus to achieve compliance in a narrow timeframe). But when an organization is aware of their focus at any given time, it’s easier to recognize the skew and emphasize a threat or process focus to bring things back into balance.


  • Confidence

    June 07, 2023

    Discovering IP theft is a collaborative effort

    In an article for Canadian Lawyer, MNP’s Ryan Duquette discusses how digital forensics experts and their clients must work together to identify IP theft.

  • Agility

    Influencing an industry: Women leading by example in GTA real estate

    Speaking with women within two successful real estate development companies in the GTA about what sets them apart. Bringing empathy, compassion, and philanthropy to the space has paved the way for Spotlight Developments and Greenwin to give back to the communities they serve, change the industry, and inspire women in the workforce.

  • Progress

    June 06, 2023

    Everything you need to know about the rising debt among young medical students

    With young medical school graduates struggling to pay of significant debt, both private and government, accrued during their studies, insolvency may be the best option to help them get their careers started off on the right foot.