Photo credit: Getty Images
Can’t you attend Transform 2022? Check out all the summit sessions in our on-demand library now! look here.
The problem is not that there is a problem. The problem is expecting otherwise and thinking that having a problem is a problem.
Theodore Isaac Rubin , American Psychiatrist
We’ve had a cybersecurity issue, but it’s not what we thought it was. The question is how we think about cybersecurity. When we need to change the way we look at cybersecurity issues, too many of us are caught in a passive cycle looking for a panacea solution.
For CISOs of companies across industries around the world, the struggle is real. An event occurs, and the organization responds. Many times the reaction is to buy a new software product that is ultimately doomed and start the reaction cycle all over again.
The problem with this approach is that it removes the opportunity for redemption to be active rather than passive, and given the rising risk, we do need a holistic approach. In the U.S., the average cost of a data breach is now over $4 million, which may not include downstream costs such as higher cyber insurance rates and the potential loss of revenue for companies due to reputational damage.
We need a new approach, and the experience of a generation ago can point us in the right direction. At the time, cybersecurity professionals developed disaster recovery and business continuity plans, calculating downtime and its devastating impact to justify investments in a holistic approach. We can do this again, but with less focus on tools and a clearer purpose.
MetaBeat will bring together thought leaders in San Francisco on October 4 to provide guidance on how Metaverse technologies can transform the way all industries communicate and do business, CA.
It’s clear: the market is complex Sexual and Diverse Cybersecurity Needs
A clear obstacle is the number of threats and The increasing sophistication and corresponding proliferation of tools to counter these threats. Rapid growth in cybersecurity solutions was already a trend before the pandemic, but work-from-home protocols have significantly expanded the attack surface, prompting a renewed focus on security and even more new solution market entrants.
Availability of new tools is not an issue—many of the cybersecurity solutions on the market today are excellent and much-needed. But the expansion of an already crowded market, along with ever-increasing threats and a changing attack surface, make it harder for CISOs to know which path to take.
To complicate matters, every organization has unique cybersecurity needs. They have different assets to protect, and the ideal architecture varies by organization size, infrastructure (cloud vs. on-premise, etc.), workforce distribution, region, and other factors. Gaining clarity requires a mindset shift.
CISOs caught in passive loops can begin to break out of this pattern and focus on tools for results. The words of Theodore Isaac Rubin at the top of this post are instructive here; the problem cannot be fixed by replacing the faulty tool, but it may be necessary depending on the situation.
The problem is the attitude towards the bigger problem, the belief that we can solve our cybersecurity problems by finding the right product. When this approach doesn’t work repeatedly, the problem can be surprising.
Instead, it’s time to focus on expected outcomes—each organization is unique based on its threat profile—and seek solutions across people, processes, and technology to reach the ideal state. It can’t be all about software and platform. If the pandemic year has taught us anything, it’s that people and processes must also be part of the solution.
Focusing on outcomes and planning with people, processes and technology is a modern strategy that draws on past disaster recovery and Business Continuity Plan as it is comprehensive. It illustrates the lost revenue associated with cybersecurity risks and justifies investing in a new approach to avoid these costs – part of the business case.
Another argument for change is the need to address the speed at which today’s threat vector growth and asset protection must evolve. In too many companies, the current state of cybersecurity is akin to the way operating systems were regularly updated in the past versus the real-time updates we now rely on. Everything is faster now, so waiting for a new version is not acceptable.
The new approach requires broader input to develop appropriate responses as threats are more dispersed than ever. CISOs need internal input from employees and business unit executives. They need information from the FBI and cybersecurity thought leaders. Many need to form partnerships to guide the organization through this journey and allow the company to focus on its core business.
Determining the right cybersecurity solution begins with defining critical business assets and expected outcomes. For CISOs who decide to partner with experts to help them succeed on this journey, it’s best to find a team that isn’t trying to sell a specific tool. It is also important to consult with experts who understand that addressing cybersecurity issues will involve people, processes and technology.
People are always the front line of defense, so building a security-conscious culture and matching process is critical. Therefore, partners who understand the key roles that people play are critical. It is also advisable to ask potential partners for proof points, such as access to clients who have worked with the team on violations.
Our cybersecurity issues are not what we think they are. The real problem is not accepting that there is no silver bullet and that only a holistic approach that addresses the true scale of the threat and all aspects of the attack surface can meet the challenge. CISOs who embrace this can break out of the passive cycle and proactively reduce organizational risk.
Peter Trinh is an SME in the field of cybersecurity at TBI Inc.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including technologists working with data, can share data-related insights and innovations.
If you want to learn about cutting edge ideas and the latest information, best practices and the future of data and data technology, join us at DataDecisionMakers.
You may even consider publishing your own article!
Read more from DataDecisionMakers