Cybersecurity: Duck and Cover or Stand Up and Do Business?
Cybersecurity isn’t working today. In 2016, the Ponemon Institute reported that each of the 383 companies it surveyed had a “26 percent probability of a material data breach involving ten thousand lost or stolen records” within the “next twenty-four months.” Take this beyond two years—say to the projected life of your business—and you must accept the certainty of data breach. If cybersecurity were working, that certainty would not exist.
What has gone wrong with cybersecurity?
The exponential development of digital technology has left it in the cyber dust.
Look back about fifty years. The first serious business computers were components of “systems of record.” Their function was to record, store, and process data. Interactivity with outside users was minimal. Advance to the emergence of the Internet. Systems of record became systems of engagement, so that, today, intensive interactivity with an expanding universe of connections is the most coveted of assets. Isolation, the hallmark of systems of record, is now irrelevant at best, a liability at worst.
Yet concepts of digital security have failed to keep pace with this tsunami of change. For most businesses, “security” remains, first and last, a wall that has repeatedly shown itself permeable.
The problem is not that security concepts born in the era of minimally networked computing are ineffective. The problem is that they are not 100% effective today. This means that intrusions and breaches will happen and will happen to you.
What will you do when the bad guys are in your computers, rummaging, looking, looting? What do you really lose when your intellectual property is compromised and your customers’ personally identifying information, financials, and credit credentials stolen?
Choose digital resilience now before it’s too late. Accept the inevitability of a breach and prepare to fight and prevail. Dedicate less of your cyber spend to security and more to becoming resilient. After all, we know that some attack some day will defeat security measures that can never be both impenetrable and compatible with doing business online.
Executives who lead digitally resilient businesses make sure they understand the connections, strengths, and potential vulnerabilities of their network. Resilience is built on knowing which threats are imminent, likely, or merely possible. This requires profiling the kinds of data the organization’s network holds and then deciding which assets must be accessible to the outside and which must be guarded more closely.
Leaders of digitally resilient organizations involve the whole enterprise in coordinating the stewardship of data assets and digital infrastructure. They educate themselves and all employees about safe computing practices and data handling. They treat the network as the ecosystem it is. This means making no changes that fail to consider the context of the whole system. They favor segmented network designs, which halt cascading failures by allowing local intrusions to be contained. And they recognize that “their” network does not end at any physical property line. So, they evaluate the resilience not only of the systems they operate, but also those of the vendors and others with whom they connect.
Digital resilience does not replace traditional security; it accompanies it. Nevertheless, resilience should be prioritized over security. There are two reasons why. First, security is not bulletproof. It can be penetrated. Without resilience behind security, you have no effective way to contain an intrusion and minimize its impact. Second, hunkering down behind a fortified perimeter is not a competitive business practice. Connecting is. Digital resilience gives you the confidence to stand up, connect, and do business.
Digital resilience rejects security as the sole means of network and data protection. Resilience begins when you accept not just the inevitability of cyberattack, but of intrusion and even breach. Digital resilience enables you to fight back and fight through the inevitable assaults. In the end, security is a security issue, whereas digital resilience is a business issue. It is a strategy to do more than survive in a hazardous online environment. It is a set of tools and policies for doing competitive business in that environment, no matter what is thrown at you. Even better, as a strategy rooted in connectivity, digital resilience offers more than protection for your business. For the more resilient each network is, the more secure interconnected networks become and the healthier the global digital ecosystem is.
Have you read?
# Ray Rothrock’s book: Digital Resilience: Is Your Company Ready for the Next Cyber Threat? AMACOM; Special ed. edition (April 17, 2018)
Latest posts by Ray Rothrock
- Cybersecurity: Duck and Cover or Stand Up and Do Business? - October 1, 2018