If you have been paying attention to the ongoing debate in Washington regarding the fate of the Cybersecurity Act of 2012, you undoubtedly know by now that the latest efforts to enact a form of cyber legislation have failed. At the heart of these proposed measures has been the issue of sharing information on threats between government and industry in order to identify attacks more quickly and limit the damage they can inflict.
While we could assign blame as to why this bill did not pass, the reality is, this issue isn’t destined to be resolved anytime soon. Organizations that may have been depending on, or at least hoping for some form of governmental guidance on where the threats are coming from, now have to take a much more proactive approach to their security strategy.
When in doubt, organizations will often use guidelines or standards as a way of determining whether or not they have met an acceptable threshold of oversight. Whether it is financial reporting, privacy, employee safety or any number of examples, these mandates allow them to “check the box.” Security, however, needs to be looked at through a completely different lens. Security is about protecting the assets that form the basis and the value of your business.
Although some of the items outlined in the bills that have been debated in Congress have value in combatting threats to your organization, no standard or bill enacted by the government can provide the security needed to protect your organization from a catastrophic loss. Only you can ensure that you are identifying the assets in most need of protection and then following through with the dedicated resources to make it a reality.
At a time when hackers have an advantage, we can’t allow ourselves to look at security as a check-box activity. The fact remains, every organization that possesses data of value is likely to be attacked at some point, and only through a proactive and predictive approach to security can we ensure that these attacks are thwarted and not allowed to cause substantial damage to the company.
– Mark Hatton, President, CEO