If you’ve already seen Chernobyl, you might have been staggered by the initial attitude of “This isn’t happening”, but that’s quite typical in cyber breaches. The linked article draws parallels between the nuclear accident and everyday reality for cyber security professionals:
[…] If we apply a cyber lens to the contributing factors to the accident, we can learn a lot about how to keep our organizations safe, not least by generating a culture of security. At a minimum, ask the following questions:
- Are your staff trained and experienced to do the roles they are expected to do?
- How comfortable are your teams at running outside of normal operating conditions?
- How clear are your policies and procedures—are they written to be understood?
- Have you stood back and considered any potential design flaws in how your business operates?
- How compliant are you with law and regulation? Not knowing isn’t a great defense.