The problem with our cybersecurity problem


The problem is not that there are problems. The problem is expecting the opposite and thinking that having problems is a problem.

Theodore Isaac Rubin, American psychiatrist

We have a cybersecurity problem, but it is not the one we think we have. The problem is how we think about cybersecurity issues. Many of us are stuck in a reactive cycle, looking for silver bullets, when we need to change the way we view cybersecurity issues.

For CISOs in companies around the world, in every industry, the struggle is real. There is an incident, and the organization reacts. Too often the answer will be to buy a new software product that is eventually bound to fail, starting the reactive cycle all over again.

The problem with this approach is that it excludes the opportunity to be proactive rather than reactive, and given the stakes, we really need a holistic approach. In the US, the average cost of a data breach is now over $4 million, a figure that may not include downstream costs such as higher cyber insurance fees and the revenue impact the business may experience due to reputational damage.

We need a new approach, and the lessons of a generation ago can point us in the right direction. Back then, cybersecurity professionals created disaster recovery and business continuity plans, calculating downtime and its disruptive effects to justify investing in a holistic approach. We can do it again, but it will require less focus on tools and more clarity of purpose.

Clear as Clay: Market Complexity and Diverse Cybersecurity Needs

One barrier to clarity is the increasing volume and sophistication of threats and the corresponding proliferation of tools to counter those threats. The rapid growth of cybersecurity solutions was already a trend before the pandemic, but work-from-home protocols significantly expanded the attack surface, prompting a renewed focus on security and even more new entrants into the security solutions market.

The availability of new tools is not the problem: many of the cybersecurity solutions on the market today are excellent and much needed. But the expansion of an already crowded market, coupled with the proliferation of threats and evolving attack surfaces, makes it even more difficult for CISOs to know which path to choose.

Complicating matters further is the fact that every organization has unique cybersecurity needs. They have different assets to protect, and the ideal scheme varies considerably between organizations based on size, infrastructure (cloud vs. on-premises, etc.), workforce distribution, region, and other factors. Gaining clarity requires a change in mindset.

Gain clarity by focusing on results instead of tools

CISOs who are stuck in a reactive cycle can begin to break free of that pattern by focusing on results instead of tools. The Theodore Isaac Rubin quote at the top of this article is instructive here; the problem cannot be solved by replacing a faulty tool, although depending on the circumstances, that may be necessary.

The problem is the attitude about the bigger problem, that is, the illusion that we can solve our cybersecurity problems by finding the right product. The problem is being surprised when that doesn’t work, repeatedly.

Instead, it’s time to focus on the desired outcome, which is unique to each organization based on its threat landscape, and look for solutions across people, processes, and technologies to achieve that desired state. It can’t be all about software and platforms. If the years of the pandemic have taught us anything, it is that people and processes also have to be part of the solution.

The business case for a new approach

A focus on results and a plan that encompasses people, processes, and technologies is a modern strategy that borrows a page from the disaster recovery and business continuity plans of the past in that it is comprehensive. It accounts for the revenue impact associated with cybersecurity exposure and justifies investing in a new approach to avoid those costs; that’s part of the business case.

Another argument for change is that the rate at which threat vectors are growing, and at which asset protection needs are evolving, has to be addressed. In too many companies, the current cybersecurity posture is analogous to the way operating systems used to be updated through regular releases, versus the live updates we now rely on. Everything moves faster now, so it’s not acceptable to wait for a new release.

A new approach will require broader input to formulate an adequate response because threats are more distributed than ever. CISOs need internal input from business unit employees and executives. They need information from the FBI and cybersecurity thought leaders. Many will require a partnership to guide the organization through this journey and allow the company to focus on its core business.

Finding the right cybersecurity solution

Identifying the right cybersecurity solution starts with defining your critical business assets and desired outcome. For CISOs who decide to partner with an expert to help them succeed on this journey, it’s a good idea to find a team that isn’t trying to sell a particular tool. It is also important to consult experts who understand that solving the cybersecurity problem will involve people, processes and technologies.

People are always going to be the first line of defense, so creating a safety-focused culture and matching processes will be critical. Therefore, it is essential to have a partner who understands the crucial role that people play. It’s also a good idea to require proof points from potential partners, such as access to a client who has worked with the team through a breach.

Our cybersecurity problem is not what we think it is. The real problem is not accepting that there are no magic formulas and that only a holistic approach that addresses the true scale of the threat, and all facets of the attack surface, is up to the challenge. CISOs who embrace this can break free from the reactive cycle and proactively reduce organizational risk.

Peter Trinh is a Cybersecurity SME at TBI Inc.
