We live in a new world where cybercrime is bigger business than the global drugs trade. Cybercriminals can be both targeted and indiscriminate. It’s a $2 trillion business. Worrying stuff. Almost numbingly so, given the endless breaches, incidents and vulnerabilities reported by the (not so fake) news media.
On the flip side, business leaders increasingly claim that at last they ‘get’ cyber security and they’re prepared to throw resources at it. Rejoice! Well, not so fast, because here’s the rub…
In our experience there’s a significant disparity between the view of top management – that they’re affording cyber security the attention and budget it deserves – and the view of the professionals tasked with delivering said cyber security. That’s a dangerous situation to be in, and at best it lulls companies (and the rest of us) into a false sense of security.
Here’s the logic…
For many organisations, a cyber security programme amounts to little more than slamming the stable door shut after the horse has bolted. Why? Because these organisations devote huge resources to implementing point solutions that may bear little relation to the underlying risk they face. Such point solutions, while bearing impressive names and costing a small fortune, are often the equivalent of slapping go-faster stripes on re-packaged implementations of technologies that have known limitations.
Don’t get us wrong. Technologies have an important role to play. Just don’t place blind trust in them. Rather, understand what information assets are important to you – along with how and why they might be compromised – and then prioritise your efforts from there. At CRMG we do the following:
By following a pragmatic process that focuses on your requirement for security, you’ll avoid devoting time and money to programmes that, when push comes to shove, amount to ‘too much, too late’.