Effective cybersecurity strategies inspire confidence – not panic
Cybercrime is a real threat to American business and there’s no arguing that cybersecurity should be front and center on boardroom agendas. Mega breaches are the unfortunate norm instead of the exception – with 4.5 billion records stolen in just the first half of 2018. That’s a 133 percent increase over the same period the previous year.
No business, big or small, is guaranteed to escape unscathed: in fact, 58 percent of cyber-attacks target small businesses because they are easier to penetrate.
But too many CISOs and IT leaders try to focus attention on cybersecurity through a strategy that’s destined to backfire: FUD, otherwise known as Fear, Uncertainty, and Doubt.
There are many factors that drive this emphasis on fear-mongering. Security vendors often push the FUD agenda, with a vested interest in frightening buyers about cyber-risks. Media coverage of cyber-events also tends to trot out hyperbole that generates clicks, throwing around scary terms like “weapons of mass destruction” and predictions of horrific cyber-scenarios.
Even governments use FUD to get people on board with new cybersecurity regulations. Much of the conversation swirling around Europe’s new GDPR law, for instance, is focused on the major fines that await non-compliant companies.
Why doomsday hysterics don’t work
Here’s the thing: instilling a dose of healthy, rational fear about real cyber-threats is different from peddling doomsday scenarios. The latter might help you meet a short-term goal, like pushing through an agenda outside your budget. But overuse FUD and two things may happen:
- All the hyperbole turns IT into the Department Who Cried Wolf, and your colleagues will eventually become skeptical of even realistic risks you present.
- The money they cough up goes to the wrong places, as panicked company leaders opt to quickly invest in security technology with the most hype – instead of planning a thoughtful approach to adopting the best cybersecurity measures.
Cybercrime is ever-evolving, and hackers are constantly developing ways to get around the toughest company defenses. At the same time, IT departments are struggling against a major labor shortage that leaves them ill-equipped to wage war on these increasingly sophisticated adversaries. We don’t need a crystal ball to predict that major cyber-attacks will continue to happen in 2019, and hackers will unleash new and unpredictable tools.
But to motivate decision-makers and protect your organization, IT leaders need an approach that inspires confidence – not panic. Effective cybersecurity strategies start with a meaningful dialogue around the most likely risks, followed by determining the best ways to address them. Maintaining the integrity, privacy, and availability of the organization’s data and systems is the biggest objective.
7 tips for selling your cyber agenda
Follow these tips for avoiding FUD fatigue while getting your organization to buy into a comprehensive cybersecurity agenda:
- Lose the tech talk. There are few faster ways to lose an audience than a discussion that gets too technical or is peppered with too much jargon. Simple is always better – explain the risks the company faces in a straightforward and easy-to-understand manner.
- Don’t ramble. Company leaders are busy, so get to the bottom line fast.
- Draw on real experiences. Using real-life examples of similar issues will help people grasp the potential impact to your organization. But don’t go too heavy on the doom and gloom – there are only so many times you can threaten company leaders with becoming the next Target or Yahoo before your credibility is lost.
- Understand your priorities. Central to building an effective cybersecurity plan is addressing your single points of failure (SPOF). These are the parts of your system that will cause everything else to stop working if they are compromised. Identifying SPOF within your company and eliminating them by adding redundancies and other measures should be a top priority.
- Do your homework. Make sure you fully understand the risks and your company’s weaknesses so you can answer any question. Spend time thinking through objections that might be raised so you are ready to address them. Take time to identify sensitive data, assess threats, and understand your organization’s risk appetite before you present a plan.
- Emphasize staff training. Employee negligence is the leading cause of data breaches. More than 90 percent of malware is delivered via email in social engineering attacks, which infect your network by tricking employees into clicking on malicious links. The best cybersecurity strategy can fail unless it’s supported by a well-educated workforce that understands the proper processes to follow.
- Know the end-game. Have a solution in mind before you present your company’s cybersecurity problem. Remember, a solid game plan inspires more confidence than scaring your company into action.
FUD may have been useful in the short term, but in the long run, it’s likely to damage the credibility of IT departments and cause panicked companies to throw cash at solutions that don’t really fit their needs. Abandoning the scare tactics and partnering with a skilled cybersecurity provider can help you protect your business with a robust strategy tailored to your needs – vastly mitigating the possibility of that nightmare scenario.
Absolute Logic’s clients across four states and 40 industries are guided safely through the threat landscape. Our wide array of services includes system security suites, risk assessment, education and training, and disaster recovery, and we specialize in helping New York companies comply with 23 NYCRR 500. If you’d like us to put our expertise to work for you, we’d be happy to help. Call us at 844-315-9882 or use our contact form for a free consultation.