The Security Perception Versus Reality

By Eric Noonan • January 18, 2015

In today’s hyper-connected digital world, information technology reigns absolute. A long-standing and critical strategy for businesses is to safeguard their intellectual property, financial information, and reputation. Yet in just about every vertical market, large-scale cybersecurity breaches continue to mount, security spending is down, and data trends point to an alarming increase and acceleration in enterprise breaches over the next few years. Simply put, businesses are struggling to find the right cybersecurity approach in today’s hyper-connected digital world.

Most businesses look at cybersecurity as an IT challenge for IT to solve, but it is more than that: it’s a business imperative that demands continuous adaptation to their cybersecurity reality. State-sponsored and determined threat adversaries, cheaper and more accessible resources, and new innovative technologies represent a set of constants for businesses, each containing dynamic variables that increase a business’s exposure to cyberattack. To sufficiently protect competitive advantage and shareholder value, businesses must adapt their approach to cybersecurity to keep pace. Those of us who have been in the game long enough will recognize this as a painful truth. If you look back just six or more years, you’ll find a fundamental change in the approach businesses take today to cybersecurity breaches. Where the focus used to be on preventative strategies, businesses now view cybersecurity breaches as inevitable and instead focus their resources on managing and mitigating the impact of cyberattacks.

Another major change over the years can be seen in the sheer volume of media exposure for cybersecurity. News outlets across the world are standing by, ready to report on the latest and greatest enterprise cybersecurity breach or controversial revelation (evidenced by the latest and already trending NSA leak that was published on the German website Der Spiegel). This heightened attention on cybersecurity has also provided businesses with a powerful marketing strategy to elevate their value propositions by championing their own cybersecurity prowess. As an individual who has been practicing cybersecurity for over a decade now, I would be remiss if I didn’t acknowledge that this attention has also helped drive better cybersecurity practices, regulations, and technologies. But at the end of the day, the reality is that cybersecurity is just not something that gets a lot of executive attention.

This creates a bottom-up approach for cybersecurity teams that are trying to get their business to take cybersecurity seriously. These teams face a minefield of corporate politics that significantly reduces any likelihood they would have of security success. This is compounded for larger enterprises, as cybersecurity teams require stakeholder cooperation and collaboration from across the business in order to be successful, and these stakeholders do not always see eye to eye on the business’s cybersecurity issues and goals. But whether the business is small or large, stakeholder disparity will ultimately stagnate progress and force the cybersecurity prerogative into the background, driving attention back to the more pressing issues found in daily operations, until there is a cybersecurity attack. Then the cybersecurity prerogative returns in force, enacting emergency responses and an overabundance of resources that are exclusively dedicated to damage control.


This reactive approach is business reality and it is all too common.

The CIOs and CSO/CISOs of today have the grand responsibility of challenging this reality by underscoring the criticality of safeguarding the data and information systems inside their business. They must communicate that an effective and robust cybersecurity program can better position their business, partners, customers, investors, and other stakeholders for success. CIOs and CSO/CISOs must lead the charge across their business by assigning accountability, assessing the information security risks within their IT environments, defining their digital crown jewels, and devising a strategy that measures both security progress and success. Businesses that take a sustained approach to cybersecurity also take better advantage of the latest innovative technologies in mobile, social media, and cloud, which help a business maintain its competitive edge and drive growth.

At CyberSheath, we specialize in supporting strong security leaders by equipping them with a comprehensive approach that continually links cybersecurity back to the business strategy, ensures security investments are maximized, and elevates the security posture of their business, better positioning them for success.
