Coming out of the big annual cyber security shows always seems like a time when the industry takes stock of where it is and what potential threats could be looming. This year has been no different. Last week in this space I wrote about the major threats we are facing as a sector and a country, and how the potential for a catastrophic cyberattack on our infrastructure more than justifies the hype the security issue has been generating.
This week, I want to urge my fellow security professionals to keep the focus on what is important and not become overwhelmed by the sheer number of potential attacks. A recent story that caught my eye was an article in USA Today by Byron Acohido, titled “No slowdown in sight for cyberattacks.” It was an excellent piece and everything he talked about in the article was absolutely correct. There is no slowdown of cyberattacks looming and in fact, there probably never will be. Does that mean that we should stop using our networked devices and services? Absolutely not! Critical services such as financial transactions are conducted online literally millions of times per day without incident. Are there risks involved? Of course, but it really comes down to whether we can manage risk to an acceptable level.
The issues that we need to concentrate on avoiding are inaction, a form of security paralysis brought on by the high volume of potential threats, and feelings of inevitable defeat. While a healthy sense of paranoia is a good thing, because chances are you will be attacked at some point, whether a devastating loss is inevitable depends heavily on your ability to protect your most critical assets. I sometimes hear in discussions with colleagues that this predictive approach to security may be an overly simplistic view and it’s not always that easy to identify what really matters to a business. To that I counter with a fairly basic analogy that I think we can all relate to. When you walk through your home on a Saturday afternoon and look at everything that you have accumulated throughout your life, it might be tough to decide what is most valuable.
However, wake up at 3am with the house on fire and it all becomes very clear: your family, your pets, perhaps some old photos – but everything else can be replaced. We need to apply this mindset to every business. What is your organizational equivalent of the irreplaceable things in your life? Those are the assets you should be worrying about and putting security efforts behind.