RSI Security

Is Continuous Compliance a Want, Need, or Should?

Some might agree that our daily human experience is all about efficiency and compromise.

What do I need to do in the least amount of time, with the least amount of effort, to derive desired utility or gain? (Maximum Result with Acceptable Cost)

Or

What result could I live with by going cheap? (Acceptable Result with Minimal Cost)

Is it worth researching and haggling at the dealership just to get an additional $500 off a car vs. a more peaceful & seamless experience going with my credit union's purchasing service? Do I value maximizing the end result at a cost of hours of aggravation?

Do I have to spend $20,000 on my construction project with a professional firm with full licenses, or should I just go with that guy my friend of a friend knows? That pergola and side wall he built is sturdy enough, right?

Or something even more mundane, such as mulling: Those day-old, discounted donuts on the back counter are nearly as good as those just coming out of the fryer. Do I want 3 old ones or one fresh one for the same price?

What do I need to do? What do I want to do? What SHOULD I do?

To bring the focus back to Cybersecurity concerns, the relevant question here is: What do I need to do to be secure? It's definitely a loaded question with an amorphous execution vision.

We all agree that not being breached is the desired end goal for our business, but things get fuzzy when trying to calculate the right balance of costs, measures, procedures, tools, training, etc.

You might ask yourself whether you're now truly secure after building up a robust defensive posture. Or you might wonder if your company could really benefit from the information a Penetration Test might reveal. Is it enough to be certified secure at a given point in time, or should you adopt a continuous security readiness posture?

Your regulator or parent organization may recommend or even require you to adopt specific security measures to comply with their standards. The problem remains that compliance doesn't necessarily equate to your company being truly secure.

Given that Cybercrime is constantly evolving in its methods and impact, security is a moving target. The primary victims of, the opportunities for, and the security measures against hackers are also shifting. While financial firms might be considered a natural mark given direct access to private financial information, manufacturing firms also hold potential riches to hackers in the form of intellectual property (the next big engine, smartphone, or internet gizmo design).

Cultures of security may currently be distinct between a tech company and a healthcare organization, but that has to change. A hacker can just as easily obtain and monetize confidential product information as they can privacy data.

Ultimately, the frequency at which companies update their security measures and staff training may be as important as the depth and strength of the original measures taken. A new car won't perform as well at 30,000 miles as it did when new if its oil, filters, tires, fluids, etc. weren't maintained. A business that doesn't update its malware or antivirus software, or keep abreast of ever-evolving threats and regulations, will see its security posture erode as well.

All businesses today are past the point of wanting an efficient fix for Cybersecurity for the sake of satisfying an inspector's audit. You might achieve a certified, secure posture one day out of the year, but by the very next day your sensitive data stores have grown, compliance regulations could have evolved, and hackers have become better equipped and skilled at extracting and exploiting your data.

The threat landscape is dynamic, and so your business and your clients' privacy require a continuous Cybersecurity focus, ensuring that both your proactive and defensive measures keep pace with the hordes massing outside your door.


About the Author

Eric Haruki is a technology analyst with over 15 years of experience advising global category leaders, such as Samsung, Panasonic, HP, & Cisco, on product and brand strategy, market competitiveness, and in areas of untapped product and distribution opportunity. He has produced both syndicated and project work, delivering forecasts, SWOT analyses, road maps, and panel survey insights to research customers around the globe. Eric has contributed to major print and television press outlets and has been a featured presenter at industry conferences. He is driven to find insights through extensive market research and deliver concise and actionable solutions to vendors, leading ultimately to the development of valued downstream goods and services to end users.


 
