Cyber security isn’t everything (by a cyber security expert)
As a cybersecurity and resilience consultant with 10 years’ experience, it goes without saying that my primary focus in my everyday working life is to ensure that my clients’ systems are safe, secure and prosperous.
Yes, it’s important to maintain good cyber hygiene to prevent opportunistic cyber criminals from striking, but it’s also important to remember that security is there to enable the business to operate effectively and not to deter from seeking new opportunities or taking well-informed calculated risks.
Cybersecurity is extremely important to all businesses, but it’s not the only priority; adaptability and innovation are also key pillars in the overall success of a business.
It’s easy to become so focused on protecting what you have with cybersecurity, that you miss exciting new opportunities when they present themselves – so everything should have balance. After all, spending time and resource on time-intensive, draconian controls that are so difficult to navigate people end up circumventing the process entirely (thereby rendering the controls counterproductive), is a waste.
Think of it like building a house with no windows and no doors – yes, it would be very secure but would ultimately a pointless undertaking as it’s been created with only security in mind, not the basic need of liveability.
How do we apply this thinking?
- Define What Success is
At the start of any programme or project, it’s important to identify what the objectives are. Security should be one of the main criteria for success, but so should customer satisfaction, value, commercial opportunities etc. If we are failing on one front, we should re-assess our approach
- Be Pragmatic
A common saying among security professionals is that we are paid to be pessimistic, but not to the point where we are no longer listening to the argument of others. The response should rarely be ‘no’, but more a ‘yes, BUT…’; we are here to keep the wheels of business turning and letting the innovators do their job while keeping them safe from harm - it’s all about compromise and balance.
- Think Risk, rather than Security!
Risk doesn’t have to be a negative; sometimes we need to take risk when there is a big pay-off, but that risk should be fully calculated – defining what is an acceptable level of risk, identifying controls to reduce issues should they materialise, and monitoring the risk on an ongoing basis.
We’re not saying cybersecurity isn’t important – after all, it’s what we spend our days doing – more that your business shouldn’t be restricted as a result of being overprotective.
Chat to our cyber resilience team today to find out how they can understand your needs, and build a plan to help your firm thrive.