When it comes to cyber threats, the gap between what leaders want to hear and what security managers want them to hear may be very large indeed. Corporate cultures often develop around a cheerleader CEO who assures employees and stakeholders that the company is well positioned to surmount any risk that presents itself. Traditionally – and in many cases, still – the business was organized to engage in internal planning and strategy cycles that provided incremental and relatively predictable outcomes.
As a function, corporate information security is the “new kid on the block,” and it’s stirring up new concerns, new questions and new ways of looking at business risk. No longer is the acquisition and ownership of assets, through physical property, patents and the like, the only measure of success. Certainly that is still important, but the role of technology as infrastructure and the importance of digital business data as another form of asset require businesses to look not only at the growth of property, but also at the almost inevitable loss of it. Few companies could have ever imagined that the information revolution would require them to acknowledge that there is an extremely good chance that they will lose something of value to parties that are impossible to identify.
There is precedent – patent infringement, knockoffs of goods by international manufacturers, and corporate espionage have been around a long time and, like cybercrime, involve the theft of data and ideas. Cybercrime can be viewed as the new wave of IP crime. Still, cyberthreats seem different – more embarrassing. One study showed that 23% of incidents in the manufacturing sector resulting in loss of intellectual property were caused by malware. Why wasn’t the company protected? What went wrong? Isn’t the company strong enough to defend its own systems? A stranger found your company’s flaws before your employees did? Whose fault is that?
The economics of information security is changing from defending the perimeter to mitigating and managing risk outcomes because it has to. The technology investments needed to defend everything would far outweigh a company’s ability to profitably support them, and would still come without a guarantee that a breach would be avoided. It’s more important than ever for security managers and C-suite executives to work together and determine the risk they are willing to take, and how they can maintain company strength and shareholder value with the risk profile they adopt.
Still, the foundations of security are critical to facing cyber threats. Maintaining vigilance and resilience, monitoring, fortifying networks and devices, ensuring up-to-date security plans in line with current and expected trends, security testing against risk expectations, and rapid response to breaches and exploits continue to require resources, expertise and effort.
Technology has provided many advantages to the efficiency and productivity of firms across industries. But like any crowded public throughway, its speed, structure and anonymity also make it susceptible to increases in aggression and misuse. Finding the right balance of prevention, mitigation and insurance against loss is more important than ever.
Tekkis cybersecurity consulting and testing can help you to test your operations against acceptable risk when it comes to cyber threats and vulnerabilities. Contact us at firstname.lastname@example.org to discuss your security concerns, and the wide range of services we offer to fortify your networks and strengthen your business.