Data breaches are not inevitable.
We here at Solutions Review reaffirmed this statement in previous articles and posts. In part we meant this as a reassurance. Your enterprise really can stay secure so long as it invests in the right resources, expertise, and solutions. Hackers may be evolving their digital threats but solution providers, security analytics tools, and incident response plans are evolving to keep up as well.
However, in an age of increasing enterprise-level data breaches, staying optimistic can prove just as daunting a task as securing your corporate endpoints and network.
Cynicism is becoming the prevailing attitude in cybersecurity, for security teams and employees alike. According to research from Kaspersky Lab, 86% of enterprise Chief Information Security Officers (CISOs) believe data breaches are inevitable. A study by BestVPN.com revealed 45% of consumers have done nothing to check if their personal data has been exposed in the past 12 months. Since consumers often repeat their passwords for their work accounts, this could represent a glaring security flaw in your network.
The cynicism thus appears widespread. But cynicism does not accomplish things. Cynicism does not, indeed cannot, secure your network or your digital assets. In fact, cynicism can actually make it harder to motivate your employees to adopt new cybersecurity policies. If you are working to increase your cybersecurity budgets, it can make convincing the executives holding the purse strings so much more of a challenge.
You need to overcome cynicism in your cybersecurity culture. But how?
Remember the Deterrence Effect
Part of what fuels so much of the cynicism in cybersecurity is the knowledge that talented hackers could subvert, circumvent, or otherwise infiltrate most enterprises’ cybersecurity protocols and capabilities.
This is a hard truth to try to refute. There is, however, good news about this: there are surprisingly few truly talented hackers on the web with the patience and persistence to work past complex cybersecurity platforms.
Many of the attention-grabbing data breaches of the past few years have resulted from glaring security holes and insufficient security visibility; in other words, networks proving rather easy to exploit. Hackers are humans, and thus prefer to follow the path of least resistance. This is especially true for hackers buying their hacking tools off the Dark Web. Everyone prefers an easy target.
Enterprises with strong cybersecurity protocols such as endpoint security and SIEM can deter the vast majority of cyber attacks just by being intimidating. Just the image your enterprise projects to hackers can provide a layer of security. Every layer counts.
Fix Your Cybersecurity Budgets
We could elaborate once again on how your enterprise needs to properly invest in strong cybersecurity via replacing legacy SIEM solutions, finding talented security team members, and improving your employee-level security training.
However, we feel Maxim Frolov, Vice President of Global Sales at Kaspersky Lab, put it best:
“Historically, cybersecurity budgets were perceived as a low priority IT spend, but this is no longer the case. The attack surface of modern businesses is growing, and so too is the frequency and impact of cyberthreats and the cost of cyber incidents. The result is that more and more C-Level executives are now treating IT security as an investment.”
“Today, cybersecurity risks are top of the agenda for CEOs, CFOs and Risk Officers. In fact, a cybersecurity budget is not just a way to prevent breaches and the disastrous risks associated with them — it’s a way to protect business continuity, as well as a company’s core profile investments.”
CISOs and security teams face an uphill battle in overcoming cynicism at the executive level concerning cybersecurity. Cybersecurity often doesn’t have the visible return on investments or the guarantees executives need. Yet there is still an optimistic argument here: every investment in cybersecurity delays a potential hack and thus allows enterprises more time to work on their incident response and threat remediation. Both of these can reduce the reputational and financial damage of a data breach, saving your company millions.
Don’t let cynicism control your budget. Think positive even as you plan for the worst.
Training, Training, Training
The biggest attack vector for your enterprise is, as always, your employees. You need their full participation and observation in order for your SIEM, endpoint security, or security analytics to operate optimally. Yet if they already believe data breaches are inevitable, they are less likely to follow cybersecurity best practices or enact due diligence when defending against phishing attacks.
In fact, phishing attacks are in part designed to take advantage of this cynicism and of employee ignorance to subvert your cybersecurity protocols.
In addition to making your security training engaging, memorable, and informative, you need to provide your employees with a sense of optimism. Their actions can make your enterprise stronger as you charge forward into the digital future.
If they don’t know it, they can’t act on it.