OPINION: Why Perfection is the Enemy of Progress in Cybersecurity

By Muhammad Chbib, CEO of Autobahn Security

Is your organization suffering from cybersecurity paralysis? Many businesses are in cybersecurity panic-mode due to the steady stream of alarming news that ‘nobody is safe’ from hackers. While it’s true that all businesses are technically ‘hackable’, it’s important to see the bigger picture – cybercriminals tend to focus their efforts primarily on high-yield targets. That means striving for cybersecurity perfection is unnecessary for most companies.

In fact, perfection is the enemy of progress in cybersecurity. Striving to be ‘perfectly secure’ is ultimately an unrealistic and unachievable goal that comes at a massive detriment to innovation and productivity. Rather than aiming for perfection, businesses should take a pragmatic approach to making themselves less vulnerable – and focus their efforts only on the risks that matter most to the hacker. Taking a measured, strategic approach to cybersecurity will have the most impact where it counts, and this approach will also protect a business’s capacity for innovation and productivity.

Most companies don’t get hacked, most of the time

Hackers are rational and will pick the easiest targets in terms of snatching cash or stealing information. For example, unless a new website generates a certain amount of revenue, there’s no urgent need to keep it ‘perfectly secure’, because hackers are most likely not interested in small, unprofitable targets.

Using benchmarking to ensure a business remains above the industry average for ‘hackability’ helps decrease the likelihood of an attack. Companies can set milestones in the lifecycle of new apps and products they’re developing to reveal the correct time to introduce robust cybersecurity measures. This can help businesses prioritise their cybersecurity efforts and make the most impact where it counts.

Balancing ‘healthy paranoia’ with innovation

Security is not the most important part of a business – a statement which may come as a shock from me, a security practitioner. Yes, cybersecurity threats are rising, and a solid security strategy should be implemented in every organisation; however, it’s vital that overzealous cybersecurity practices don’t threaten the ability of companies to innovate, take risks and embrace new technology. Unfortunately, this is something I see happening every day.

CSOs, CISOs and IT leaders today are pulled in multiple directions within organisations, often expected to juggle overwhelming volumes of information and make rapid decisions to ensure all vulnerabilities are addressed. Many are overwhelmed enough to leave the workforce entirely, but others are simply fighting the growing number of security threats with ‘healthy paranoia’ and being extra forceful with their input. This approach is using a sledgehammer to crack a nut: a disproportionate reaction that can have unintended negative impacts on other parts of a business.

Going overboard with security can stifle the unique cultural elements that propel companies to global success, which is ironic since business leaders investing in cybersecurity are doing so with the best interests of their company in mind. But tunnel vision security doesn’t care about innovation; it’s only interested in preventing total disaster. As a result, striving for security above everything else often means taking fewer chances on new ideas, or losing the appetite and capacity for innovation. It can create a demoralised workforce with lower productivity, and it can make companies fearful of taking potentially worthwhile risks – all of which are detrimental to a company’s future and broader market opportunities.

The good news is that there’s no need for businesses to panic when faced with a huge volume of cyber-threats, because in most cases – and for most businesses – the risks are very low. Security experts see threats everywhere, but this needs to be compensated for by regularly stepping back and regaining a sense of perspective on which risks are real now, and which may become real in the future but don’t require immediate attention. However – that’s easier said than done! Luckily, there are tools out there to help you assess risk and get advance warning of your biggest threats.

By thinking rationally (and from a hacker’s perspective) about which risks will result in actual harm, and which are purely theoretical, businesses can find a more balanced perspective on cybersecurity which can empower them to pursue opportunities and innovate as normal – without unnecessary fear. A healthy dose of paranoia is always a good thing, but practising moderation and reason (instead of perfectionism) is the most sensible, sustainable way to establish strong cybersecurity foundations.
