Cybersecurity’s newfound direct link to business value
Written by Paul Maher
Antivirus and a firewall, that’ll do it. That was the sort of glib statement those of us in IT used to tell ourselves in the pre-social media era.
Things were easier back in the days before cybercriminals could make a very good living from stealing our data, extorting us to pay ransoms or compromise the security of an entire nation. How times have changed.
Nowadays there is much more cyber insecurity around. There are multiple advanced attacks each day and according to Positive clients there are thousands of ransomware demands each quarter. Many are paid in full by corporate victims desperate to get back what they lost, protect their brand and hope the bad guys don’t come back again, before they are patched up
Our online world, or cyber landscape, has evolved from a ‘One and done’, firewall-plus-AV, landscape to one where even the best-rewarded cybersecurity professionals need to be on constant alert with real-time capabilities and crisis plans. Meanwhile their boards have to deal with a zero trust, advanced threat, cryptojacked dystopia, where sometimes all the money in the world cannot buy real protection
The best, the most realistic organizations, realise it is not when, but if they are breached and with that in mind, they stay in an ‘Always On’ state of readiness. They know, an annual pen test fest with Red Teams versus Blue Teams and large bills to follow, are mostly for show. The day after the test, their ‘Cybersecurity posture’ is compromised by the inevitable changes caused when running a business with digital inputs or outputs. For this reason, Automated Security Validation, from vendors like Pentera, Cymulate and Picus are changing the game to give an ‘always on’ capabilities
So in 2023 we are never ‘One and done’. We are never going back to the digital equivalent of a Maginot line. Just as we expect more and more connectivity and more and more devices to bring us every more data, we have to reapportion the attention and budget we spend on cyber security
But there is an upside to the increasing amount of management time cyber is taking up. It can create differentiation. Customers and investors are starting to pay attention, as you can see from the conversations about breaches in the media and amongst fellow consumers and more importantly in the share prices and long-term viability of businesses.
Too much? Let’s not forget what happened to Carphone Warehouse when its cyber security was breached, it was fined and finally retreated from the high street. Other brands like Sony and Marriott have so far ‘gotten away with it’ in terms of long term business damage following hacks. How long will it be before share price, company valuation and brand value/goodwill are directly linked to Cyber Security?