Guilty Until Proven Innocent: How effective leaders think about cybersecurity

Cyber-crime is here to stay. Neither technology, compliance frameworks, nor government regulation will stop the threat.  It is a fight we didn’t choose but has forced business leaders to take new measures to protect their organizations. 

Cybersecurity is a very misunderstood topic the lack of understanding often causes poor decisions resulting in damaging breaches, unexpected downtime, and loss of productivity.  Fortunately, business leaders don’t need a technology background and years of training in order to start making better decisions and reduce cyber risk.

It starts with leadership
Business leaders must start by understanding the fact that cybersecurity is now a standard requirement for doing business.  Leaders should enable their IT organizations to prepare for a potential breach, accepting that this is a significant business risk and must be treated as such.

It’s not about being “un-hackable”
We must eliminate the idea that, “Everything is hackable, so why try to protect ourselves?”  The majority of risk comes from cyber criminals seeking the quickest and easiest way to make money.  Cyber criminals are looking for the easy targets, the “low hanging fruit.”  Effective cybersecurity is not about being impenetrable.  It is about being a harder target than others, causing cyber criminals to move on.  

People and processes before technology
Cybersecurity is not just about technology.  People are the most vulnerable element.  Effective processes and a high level of awareness training significantly reduce the risk of cyber-attack.

Maximize what you have before investing in new technologies
Thousands of cybersecurity hardware and software solutions are on the market today.  However, many organizations haven’t maximized the security capabilities of the technologies they already own.  Be sure you’re getting the most out of your current technologies before spending time and budget on new solutions.

It’s one thing to talk about cybersecurity, it’s another to have it in writing
The importance of documented and enforced security policies and procedures cannot be overlooked.  Cybersecurity policy and procedure documentation proves to your employees and clients that your organization has thought through the risks and taken proactive security measures.

Users are guilty until proven innocent
Unfortunately, we must treat the use of technology in a manner opposite to our justice system’s approach.  Rather than being innocent until proven guilty, technology users are treated as guilty until proven otherwise.  Cyber criminals will continue to seek opportunities to inflict damage for profit, so we must always validate our users’ identities and limit access to what is required to perform their specific roles and job functions. 

While cybersecurity is a complex and often misunderstood topic, the concepts we touched on above have helped thousands of business leaders make better decisions, reduce business risk, and even prevent catastrophic breaches.

About Silent Sector
Silent Sector is a cybersecurity firm of industry-leading experts, providing tailored services for the specific needs of mid-market and smaller companies.  Our team functions as a complete cybersecurity department for organizations without in-house capabilities.  For organizations with internal cybersecurity professionals, Silent Sector is a force multiplier, scaling capacity and accelerating results.  Silent Sector also offers penetration testing, cyber risk assessments, compliance support, incident response, consulting, and other services to support a proactive security posture and fulfill specific compliance requirements.

Contact us for a complementary consultation at info@silentsector.com or visit www.silentsector.com