The Fundamental Laws of Cybersecurity: How Strong is Your Cybersecurity Program?

People tell lies every day. Some are little white lies to keep the peace (“your new haircut looks great!”) while others might be more substantial (“I was nowhere near the crime scene, your honor”).

Can you imagine if everyone committed to telling the truth, if only for a day?

Turns out that day is closer than you think: April 30th is Honesty Day, a holiday meant to encourage honesty in all avenues – everything from politics to personal relationships to business and everything in between. It’s also meant to challenge us to be more honest in our interactions with other people as well as with ourselves. On a personal level, this might mean admitting things like we eat too many cookies after we get home from the gym or we’re lazy about washing the dishes or that red isn’t really your color. But what about on a professional level?

Professional honesty might mean admitting that you’re not as open to new ideas as you’d like to be or you aren’t collaborative or even that you sometimes accept a mediocre performance as “good enough.”

When it comes to cybersecurity in business, “good enough” is, well, not good enough. A flawed (or nonexistent) cybersecurity initiative has the potential to cripple a business through operational, financial or reputational impact.

So… how strong is your cybersecurity program?

Before you answer, let’s take a moment to consider a few of the core aspects of cybersecurity. Being familiar with these tenets may help you be more truthful in your answer to the above question.

These are, in my opinion, the fundamental laws of cybersecurity:

Law #1

Even NOTHING isn’t secure.

Saying you have NOTHING to secure is like saying the earth is flat.

Everyone, and especially every company, has data which requires some level of security. Whether in your head, on paper, or in a server, everyone has some form of data that should be, must be, or is legally required to be secured.

All data and privacy are at risk! Accept it, plan for it, and prepare to defend it. Ignoring the risk will not make it go away.

Law #2

Technology will not solve 100% of your risk.

At best, technology will only address about a third of your cybersecurity risks. People and process will always occupy the other two-thirds of your cybersecurity risks. (At least until it’s legal to install a control chip in the human brain.)

Law #3

Organic devices are the biggest threat to your protected data.

Human beings will always be the most dangerous aspect of your risk profile (see Law #2).

I’m not saying that as human beings we’re inherently evil. I’m not even saying that people suck. What I am saying is that the human psyche and human action are inherently flawed. We make mistakes. We make bad decisions under duress. Sometimes we sincerely believe we have absolutely nothing to secure (see Law #1).

Now that you’re more familiar with these concepts, it’s time to answer the question posed earlier. How strong is your cybersecurity program? Remember: be honest!


About The Author: Chad Walter

Chad F. Walter is the Vice President, Business Development at GreyCastle Security. In this role, Mr. Walter leads a growing team of cybersecurity business development professionals and is an integral part of the GreyCastle Security strategy team.

Mr. Walter has amassed over 20 years of strategic leadership and developmental experience within cybersecurity, information technology and executive leadership. He has served as CEO of CFWalter Consulting, LLC, President of IntegraLED, Director of Channel Development for Network Box USA, Vice President of Operations for Chile-IT, and as the President and COO for D&D Consulting.