THE LIST: Let’s count them down.

 

10. The threat is REAL.  

Debate is rampant around the size and level of risk of cyber security threats.   Is it media hype?  A conspiracy even?  What we learn as time goes on: the threat is real.  It is afflicting businesses large and small.  The threats don’t discriminate. 

The lesson:  Don’t get caught up in dismissing cyber risks as hoopla, corporate greed or noise. 

9. Incidents are happening to other organizations. Until it hits your circle, the threat seems distant. 

During a pandemic you and your family are healthy until your not.  Cybersecurity threats feel the same way; systems and data are healthy until they aren’t.  A sudden change hits home, and your world is changed. 

The lesson: Feelings of security are false given the ubiquitous nature of a pandemic and of cyberthreats. 

8.  There are lots of opinions out there.

America is the land of free speech, and boy do people exercise their rights!  Cyber security is no exception.  Folks have stories, strategies, and where there is money to made, plenty of “solutions” to offer. 

The lesson: Stick to the facts.  Cyber security models and approaches are mature and organizations need to avoid the noise and simply work towards alignment.  

7. Sensible hygiene for EVERYONE!  

Everyone has their habits.  Humans like a good routine.  When a new threat emerges it is tough change those habits.  Then there is the question:  what are the new habits to adopt?  In the world of cyber security there are countless tactics organizations could implement into technology and behaviors. 

 

6. The higher the risks the more precautions are necessary.

In addition to the sensible hygiene tactics, certain organizations required more advanced tactics.  A simple check list of advanced controls organizations with greater risk should implement. 

 

5. Being careless affects other people. 

A cyber breach costs money, reputation, operational capacity and in rare but brutal cases the end to an otherwise healthy organization.  People’s livelihoods are affected.  It’s not life or death pandemic-level outcomes, but it is real impact to the stakeholders of an organization. 

The lesson: Take care to align the controls, behavior and cyber security budget with the reality of the risks.   

 

4. “Close to you” infections are painful.   

A breach of any kind in an organization’s circle is painful.  Even if data or systems are not ultimately lost, massive amounts of time, production and confidence will be. 

The lesson: Take the necessary precautions.  

3. The complexities are continuously evolving.   

A changing cyber threat landscape is the new normal given the variables involved with attackers, technology and an organization’s workforce. 

The lesson: Don’t take a one and done approach to protecting an organization, continue to assess the landscape, standards and work towards alignment in the areas it makes sense.  

 

2. Behavioral change and new tools are required.  

Wash hands, wear a mask, etc.  The pandemic powers have drilled the key changes people needed to make in their day to day to better protect themselves.  Every cybersecurity professional will highlight human behavior as the #1 gap to digital security.  Educating and reinforcing good behaviors when using technology will better protect an organization.   

Organizations have implemented countless new digital and physical tools to protect people in buildings, public transportation, etc. during the pandemic.  Implementing new cyber tools will also lessen the likelihood, impact and damage of a cyber security incident.   

1. Risk mitigation requires LEADERSHIP. 

Leaders of American’s small and mid-sized organizations are busy.  Busy managing people, strategy, finances and traditional risk.  Other priorities are holding them back. 

The lesson: Take the time to assess cyber risk.  Risk assessments are affordable, understandable and will help leaders understand their gaps and what actions can be taken.  The information will lead to consensus about what is worth doing to keep the organization healthy.