Cybersecurity: The bottom line
I would follow what the experts have been crying out loud for a long time now: separate security governance from operations. Most security initiatives fail simply because they start with either a compliance program (and stop there) or an uninformed technology implementation.
The imperative is not in embracing a program or a particular technology; the imperative is in clearly understanding "the why". If security operations manages to convince the CFO to fund the investment it seeks, it is only fair that the CFO asks whether that will keep the organization protected.
The answer is not a yes or no on whether we are protected. The answer must be framed around how secure we are and around what-if scenarios. Most security implementations are instead driven by a paranoia that pushes preventive technologies.
Maturity in adoption can only scale if the team involves someone from the risk function and from business or finance. In most cases the industry has repeatedly failed to convince the CFO and CRO on security decision making grounded in a combination of impact-driven and risk-aware context. We are still struggling with "high risk" versus "low risk"; we need to move beyond that and weigh good risk against bad risk in the context of the business operation.
In my view, the focus must be more on detect and respond than on prevent. Recent attacks should have taught us more about detecting and responding, and about how to prepare for recovery after a disaster. Organizations must set their security objectives with the above pointers in mind and with the assumption that they probably are, or will be, in a state of compromise.
It will become evident that the scope of security, its boundaries and its applicability will be rewritten. There will be theft, there will be compromise, there will be fraud; the smartness lies in predicting, detecting and responding to it.
Attacks will continue and will get stronger and smarter. We should be in a position to outsmart them, which simply means we need to think smarter and harder.
Word of caution: do not let paranoia drive your security decisions; let assurance drive them. You will never find a lock that cannot be broken. It is all about finding what holds long enough for you to learn of a breach, and knowing what to do once you do.