Creating a culture of Cyber Security is vital to the survival of your business

As security professionals, we are always trying to justify what we do. At the end of the day, the best we can offer is that nothing will go wrong.  No fires, site crashes, hard drive failures, internal and external hackers, viruses, malware, or spam outbreaks, etc.  However, every day we see the threats to organizations increasing from teenagers, to organized crime, as recently described in the annual threat assessment.  Moreover, the vulnerabilities are increasing in organizations every day, from insecure designs, implementations, configurations, software development, or in IT products that we purchase.

As security professionals, we deal with known and unknown threats and vulnerabilities every day. At the same time, we must justify our budgets, staff and projects.  What is the Return on Investment (ROI), we are often asked?  Well, we kept the lights on…There are elements of security that can have an impact on the bottom line.  For example, Identity and Access Management can assist in streamlining many business processes.  However, a majority of security components need to be put in place as a matter of doing business on the Internet.  Sort of like the game of American football, you can watch a pickup game, where the players come out to play with little to no equipment.  However, the professionals come to play with helmets, pads, referees, rules, etc.  The pickup games are played for pride and fun, where as the professionals come to play for more.  The hits are harder and more often. The same thing can be said for doing business on the Internet.  You must have basic protection just to do business on the Internet, such as policies, firewalls, virus, spam and malware protection, virtual private networks, network, security, configuration and patch management, along with independent audits to verify your cyber security is working.

If you are doing business on the internet, you should be held responsible for protecting your online business and accounts from compromises, as recently seen in the Texas bank that is suing one of their customers hit by an $800,000 cybertheft incident first reported by Brian Krebbs.  However, many small to medium sized businesses are blissfully unaware of the threats and vulnerabilities that confront their business while they are connected to the Internet.  Security is just not infused in our small to medium sized businesses.  These businesses are focused on delivering services to their clients. The vendors that are selling products and services to these businesses do not focus on security as an element of their sale.  Bottom line…in the world we live in today, with the ever increasing threats and vulnerabilities, creating a culture of security in your business is extremely important and vital to your business survival. Infusing security into your business has to be an element of what you do every day. For more information see our Cyber Security Essentials on how you can protect your business.