IT IS A MINDSET PROBLEM
By Felix Rosbach, VP Product Management, comforte AG
Most cybersecurity vendors across the world would like you to believe that their product or service is the one and only solution to cybersecurity problems. However, as we know, the silver bullet to cybersecurity does not exist. The first battle is often not against cybercriminals, but the very businesses and institutions that we are trying to protect.
Data doesn’t lie, but our brains do
Most organizations are processing a massive volume of data, often across international borders, which entices cybercriminals to exfiltrate sensitive and lucrative information. Unfortunately, many business leaders still do not prioritize security to the extent that they should; at least not until it’s too late. It is only when things go wrong that we try and reclaim control – a typical human behavior.
Imagine if your brand-new Mercedes would get dented by a shopping cart, and you didn’t have the top insurance. You’d certainly get the insurance after that. Even if the damage is minimal, the cost of services and repairs on a machine as complex and intricate as a Mercedes would be huge. Now imagine that this brand-new Mercedes is an entire corporate network driving the business forward, infinitely more complex than a single machine. What is stopping you from investing in preventative measures now that could save you a fortune in the long-run?
Human nature fails organizations when it comes to cybersecurity. For many non-technical business leaders, cybersecurity seems out of their control. And while it doesn’t need to be just a mere insurance but an enabler, some still think, “this solution is going cost us an incredible X amount,” or “we might have to retrofit this into our business applications but that gets expensive,” opting instead to address things within grasp. “Now let’s just re-define what MVS (minimum viable security) means for us, change our firewall and get everybody to change their passwords. That will save us on costs.” But surprise, they get hit by a cybersecurity attack, lose customer data, pay all the lawsuits and non-compliance fines, that will ultimately cost a multitude of a good cybersecurity strategy. Human nature suggests that until the bad thing happens, we will opt for the path of least resistance. From a business perspective that often manifests in putting budget first, regardless of the risk.
The landscape has changed – the mindset needs to change as well
Something that wouldn’t have caused business disruption ten years ago now can raise serious issues. The precarious nature of today’s global supply chain, for example, has been laid bare in a painfully obvious way. From the top down, stakeholders in organization must understand that threat actors are out there looking for any weak points in the infrastructure to infiltrate the system. A simple but successful phishing scam could give a threat actor a foothold in any corporate environment.
But it’s not only about the risk of getting breached anymore. Most countries do have regulations requiring organizations to protect sensitive data of individuals. Being non-compliant is not an option anymore and an organization’s compliance department will enforce regulations internally. This ultimately might result in transformational barriers, not being able to use and process customer data in the way an organization would like to use them to stay agile and ahead of the curve.
It is important that we do change our mindset, start thinking about a cybersecurity strategy that enables our business agility rather than being just a mere insurance for the inevitable. This will not only put our focus on the most important asset – data – but also results in a strategy that supports the business and doesn’t stop it.
A data-centric mindset enables agility
Due to the pandemic more companies adopted digital technologies and cloud faster. The last 24 months have showcased how cybercriminals have been taking advantage of the dispersed workforce and often misconfigured architecture with opportunistic tactics that could be easily avoided. We should stop to focus on preventing breaches and unauthorized access. With cloud adoption and work from home we should always assume that we are breached (#zerotrust). But this should never stop us from being agile and innovative. It should not stop us from delivering a great customer experience and to jump on the next curve.
The right cybersecurity strategy will support all of this with automation, and a strong focus on data not only drastically reducing the impact of potential data breaches but enabling organizational agility while being compliant.
But we all know: the biggest challenge may not be implementing a good cybersecurity strategy across your digital infrastructure. The biggest challenge often starts much earlier – getting the backing of board and C-suite executives, and educating on what cybersecurity can be – a true business enabler.
About the Author
Felix Rosbach is Product Manager for Enterprise Data Security at comforte. Drawing from his vast experience and expertise in cybersecurity & cryptography, he is responsible for the success of comforte AG’s strategy for Enterprise Data Security and connecting with companies to secure their data and their growth. Felix has been passionate about technology, cyber-security and hacking since he was in grade school. He began his career as an IT professional over ten years ago and has gained a great deal of experience and market insight into the data security industry. He started off in systems integration where he was responsible for infrastructure management, system hardening, intrusion detection, anti-virus solutions and encryption.
Felix can be reached at firstname.lastname@example.org and at www.comforte.com