When a mechanic tells you that you need to replace the brake pads at a cost of $300, you may balk at this cost to begin with, until you realise how small it is compared with the cost of your family members’ lives should you not make the brake pad purchase and the brakes fail.
In this case the cost of inaction is far greater over the longer term than the cost of action. It’s at times like this that we need to put our famous Aussie “she’ll be right, mate” mentality aside and weigh up the real implications of inaction versus action.
This is also true of combating cybercrime. It may be costly, but failing to combat cybercrime is costlier. That’s exactly what is happening today. You are spending money to address the problem but not in ways which can make the greatest impact.
But don’t be alarmed: your organisation is not the only one making this mistake.
For more than two decades the members of our team have worked with thousands of leading brand name companies and government agencies, yet have not witnessed even one organisation get it right until they learned these three fundamental truths we are about to share with you now:
- Cybercriminals don’t care how they get access to your information – it could be rummaging through a garbage bin, breaking into vulnerable technology, or sending emails to gullible people who click on the link and give cybercriminals inadvertent access. Garbage bins, technology and people exist all throughout your organisation so expecting IT to be across all of this is short-sighted. Cybercrime is not an IT problem but a business problem that IT can play a part in.
- Your organisation invests a lot of effort in attempting to prevent cyber threats. This makes a lot of sense. After all, prevention is better than cure. At least that’s what your doctor will tell you. As all resources are focused on threat prevention, which is increasingly failing as threats become more sophisticated, a threat that slips through becomes an attack. Your organisation’s reactive and sporadic response then needs to be replaced with strategic planning for “what if” scenarios.
- You might expect that the ultimate solution to addressing cybercrime is cybersecurity, but security is very limited. In fact, the definition of security is to be free from threats. This is impossible to achieve, and anyone tasked with an unachievable goal has no option but to fail. Your organisation needs to achieve cyber resilience, a state where threats may fail to be prevented from time to time, but the ability to respond to attacks, recover from breaches and mitigate the damage from impacts is key to adapting and achieving resilience even in the face of adversity.
Pictured here is a cyber resilience maturity chart. Cyber resilience is on the right and chances are you are closer to the left. The cost of achieving cyber resilience is far less than the cost of cybercrime if you are vulnerable, reactive or compliant.
If you want to burn through money quickly, then keep to the left; otherwise, start working your way to the right, and the cost of cybercrime to your organisation will plummet.