We have a rocket ship, but we’re still crawling
The cybersecurity industry has come a long way over the past decades as the perpetual game of cat and mouse has evolved. Organizations have more options than ever to protect themselves from cyber-criminals and adversaries. Yet, a new incident graces the front page almost daily, lending weight to the feeling that no one is doing enough or perhaps that there is no way to succeed and it's just a matter of time before you’re attacked.
When the situation is viewed with these conditions at the front of mind, it’s no wonder burnout is rife, and the outlook is bleak. But maybe that is a part of the problem itself. Organizations are brow-beaten with negative opinions, advice, and prospects to the point that even good messages are viewed skeptically. The flow-on effect from this is a default position of distrust externally when working with vendors and partners and internally when considering security initiatives.
Organizations have been put in a position where inaction appears preferable to arbitrary action. It’s a case of the boy who cried wolf, and now that the trust is broken, it doesn’t matter what the boy (vendor) is saying because the villagers (organizations) aren’t listening anymore. It’s understandable and explains why maturity increases are slow despite more options for protection and resiliency than ever before.
Everyone can play a part in improving the culture
Business does not and should not operate at the behest of security. However, sustained business viability is predicated on an effective and efficient security posture. Ideally, we could flip a switch, and fear, uncertainty, and doubt (FUD) tactics would be relegated to the annals of history, as they should be. But in the real world, ethical justification of this practice continues, and organizations are left to uncover the unsensationalized truth on their own.
As frustrating as this can be, it is an opportunity for the industry to grow and evolve. But to begin this, each party must take its first step, which is always the hardest. When vendors and voices of the industry publish and present content, the focus should be squarely on bringing the relevant information to light so that organizations can act on it. The risks are real enough without needing to hype them up further. With this actionable information, organizations can quantify their own posture more accurately, leading to better, objective-based vendor engagement.
Central to the challenge is how organizations handle input from internal and external teams. Re-engaging with internal teams and communicating effectively and in good faith to uncover the real risks will help in building a trust-fueled culture, in keeping with the way we all strive to become the best version of ourselves that we can be. When external technology or services are deemed necessary to continue the maturity journey, engage in proof-based discussions with vendors to align goals and priorities. A leading factor in effective communication is being bold, which can be done respectfully and without slinging mud. With this, a strong motivator for wide-reaching change will be boldness in calling out FUD tactics, focusing on each organization's actual risk situation, and not letting negative prospects slow down these efforts.
The path toward effective change across the industry will take a concerted effort. It is a rocky path filled with difficult conversations and the uprooting of long-held beliefs. Still, the benefits for everyone battling the actual adversaries, the cyber-criminals, are worthy of our best efforts.
By Dan Cartmill, Global Product Marketing Director, TXOne Networks