Cybersecurity Is A Competition Issue For Business

Uploaded on 2015-09-21 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms, BUSINESS-Services-Health & Welfare, BUSINESS-Services-Financial, BUSINESS-Services-Consulting, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

20141125152439-competitors-should-collaborate-more-cyber-security.jpeg

The current environment around cybercrime is quickly becoming a forcing function that’s causing businesses to begin evaluating how they’re doing cybersecurity across the board. 

Most importantly of all, it’s forcing companies to start thinking about how to measure and prepare for the real, business impacts of cyber threats lest they be held legally accountable by, say, the fine folks at the FTC. Or any number of voracious civil suit-seeking lawyers closely monitoring their failings and foibles.
But words and phrases like “begin evaluating” and “start thinking about” don’t equate to decision-making or “doing” anything real about it at all. 

In fact, despite a cyber and business “pop culture” zeitgeist brimming with signs and indicators that people really are starting to notice cyber insecurity an alarming number of companies put some very considerable roadblocks in front of themselves for not getting started on the same sorts of “competitive intelligence” programs for cyber that have become widely used and benefited from across industry.  
 
Some of my favorite excuses that I’ve heard from companies who want to avoid engaging in cyber intelligence functions?
• We’re not ready; we’re just not mature enough to make use of it.
• What would I do with this information anyway?
• How can I justify the expense and time if I can’t measure the benefits?
• I don’t have the right people and processes to handle it.
Absurd as this sounds, could you imagine a company being told one of their products presents a choking hazard saying, “Meh, we’re not mature enough to make use of this information.” Shockingly, this is pretty much exactly what’s happening when it comes to equally risky cyber threat information.
But it seems most just don’t see that cyber intelligence needs to become a prioritized, resourced part of what they’re already doing.
Now, in fairness, most of these excuses are actually quite real and tangible for the companies making use of them. In other words, most companies are, in what has become a stark reality, very immature when it comes to cyber defense.
Companies really don’t have the cyber expertise on hand in the right numbers. They don’t have well-developed processes in place internally (and externally to partners and customers) to deal well with even known threats, nor or the right tools on hand or a budget commensurate with the problem. Most companies don’t even know how big their cyber problem is, much less what to do with information about any one threat or the other.
But let’s apply this same set of excuses to, say, product development.
Would a company that wants to be successful in their marketplace not try to establish - and very quickly - all the necessary means to gather and use intelligence on what the customer wants, what their competitors are up to, how their products compare, what they’re doing better or worse, etc.?
Not a chance.
And that’s what is so confusing - and telling - about the reaction businesses have to even getting started gathering this sort of information about their cybercrime competition:
What these excuses say about most organizations is that most simply don’t have a real corporate strategy for cyber defense complete with focused objectives for how they want to defend themselves across the board from exploit.
And most are in fact lethargic, lazy and reluctant when it comes to doing anything about it.
In other words, unlike with products or sales, companies are not devoting time, energy, focus and a long-term commitment to what they want to be and achieve with their cybersecurity. There’s no plan, no blueprint developed for and bought into (and nurtured) by corporate leadership from the lowest rungs of cybersecurity management and all the way up to the board of directors.
In short, there’s just no cyber business plan - and few who care enough to develop it.
Cyber Security Strategy is Becoming Corporate Strategy
When a company develops its products or services for market, it develops an overall plan - a shared strategy that everyone in the organization can see and support by virtue of their part to play in it.
Whether you’re in product development, R&D, finance, marketing or sales, you depend on a cohesive, clear and cared-for map of where you’re going.
In all cases, these plans are highly dependent on data. Research is performed and insights are shared in a collaborative way as key players work together from all parts of an organization to develop ideas into marketable things.
Over time, the process by which companies stay competitive by evolving, pivoting and fixing is rooted in this continual and disciplined data collection and analysis. It forms the basis for refining raw ideas into initial offerings, then supports the perfection of those ideas through a product or service lifecycle.
Most importantly, a clear plan not only provides a unique vision of where you’re going, it governs day-to-day operations. Without it, resiliency and continuity of operations isn’t possible.
As well, it helps companies and their individual organizations avoid:
• Getting complacent across the board
• Becoming disorganized, inefficient and stovepiped 
• Being surprised by disruptions in the market 
• Wasting precious talent and expertise 
• Failing to deliver on continuous improvement, evolution
• Failing to satisfy customers
• Losing money to waste, fraud, abuse and litigation
• Conducting risk management and mitigation 
All of these things lead to a quickly tarnished brand. Like a shark, a business must keep moving and eating or die. And data and analysis is the energy that propels this motion.

Right now, too many businesses across the globe are operating without a proper cyber intelligence function that makes it possible to develop this data-driven plan in the first place.

Without it, they have nothing that tells them, quite simply, what their specific cyber risks are based on who they are as a company, including their:
• Customers and suppliers 
• Technologies used
• Internal business organizations
• Products manufactured and sold
• Data stored
• Overall brand and reputation
Under these circumstances, a clear plan and shared strategy is impossible.
Sadly, even with more coverage of breaches, more executives losing their jobs, more companies taking major brand hits… many companies are still putting cybersecurity squarely as a problem for the geeks. The engineers. The people (like me) who are awkward to be alone with in an elevator. As such, cyber is their problem. A technical problem that’s far too “in the weeds” for management to care about.

They get their hour in the quarterly staff meeting, you get some slides and spreadsheets and request for more money.
Until cybersecurity is seen and treated just like any other critical business problem with the same needs for intelligence gathering, tools and analysis to support decision-making, companies will continue to lose. Lose in bottom line revenue, lose customers and lose lots of cash to legal expenses in tough litigation that could also cost them brand and reputation. 
“Cyber intelligence” is “competitive intelligence” by any other name. Kinda the same way “cyber attack” or “data breach” has become just another alias for “legal fees.” 
Security Week:http://http://bit.ly/1VZRf4V

 

« Tor Gets Help to Anonymise Users of 'dark web'
A New Design for Cryptography’s Black Box »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

InfoSec World

InfoSec World

InfoSec World conference and expo covers all aspects of information security with a broad agenda of sessions on key security issues.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Cyberteq

Cyberteq

Cyberteq is an innovative Information and Communication Technology Consulting Company, enabling it’s customers to take full advantage of the latest technologies in a secure manner.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

Data Theorem

Data Theorem

Data Theorem is a leading provider in modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

ICS-ISAC is a non-profit, public/private Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

Arculus Cyber Security

Arculus Cyber Security

Arculus Cyber Security enables customers to securely realise the benefits of digital transformation through pragmatic solutions, guidance and services.