- are you a crash test dummy or do you wear your seat belt?
The thing is, even though organizations are using technology of today to do new and exciting digitalization stuff, the thinking of cybersecurity threats are in many cases and in many organizations up to a decade old. We live in a new world in terms of technology; but cyberthreats are viewed as they were back in the early 2010’s.
What unfortunately follows is that as the view of threats is obsolete, in terms of both what kind of threats there are and their drivers, the obsolete way may also extend to the ways threats are mitigated and the protective measures employed. We fear cybercrime, but we fear the wrong things; hence we prepare for the wrong things.
No big surprise: customers are targeted because of information and money. According to the latest Verizon Data Breach Report from 2019, 71% of breaches were financially motivated. 25% were to gain advantage (espionage).
The modern approach to cybersecurity involves having multiple layers of protection, topped off by threat detection and mitigation. Looking at numbers from various sources, the layers of security help prevent 90-95% of attacks, which today are almost an ongoing thing. Detection is required especially for specifically targeted attacks, which are difficult to stop. One cannot afford to be blind in the cyberworld.
Even though, as noted, cybercrime is the dark side of digitalization, we cannot allow ourselves to be numbed by it – we cannot allow it to become normal. As if you left your car unlocked, because it will be stolen anyway. The race between cyber criminals and defenders is a constant, and with the developing of technology, organizations need to keep up with technological advancements in cyber security.
The automotive industry has safety structures and technology which has evolved throughout the ages, with advances made in both technology and attitudes. The first cars had no safety features whatsoever. Concerns on driver safety began to emerge in the late 1920s, and shatter proof windshields were among the first safety features introduced. This then gradually evolved to the three-point seatbelts, airbags, crumple zones, side impact safety systems, automotive radar systems and so on, of today.
The point here is, one needs to keep up with the cybersecurity technology and other developments, and continuously upgrade the protection of one’s environment. If you stop at stuff done today, your setup will be obsolete tomorrow, or the day after tomorrow at the latest. You need to make sure you have the car with the latest safety. Otherwise you will end up being a crash test dummy, thrown about without protection, when an incident hits (and it will hit at some point).
Being as prepared as you can for possible threats will help you a long way. At least you will be mentally prepared for handling events that occur outside of your everyday tasks. This helps when the unexpected happens and It´s like good old Murphy said: If it can happen, it will happen.
We now get to Nils Bohlin and Samuel W. Alderson. Bohlin invented the three-point seatbelt. Alderson invented the crash test dummy. Both contributed markedly to automobile and driving safety. You do not need to become either of them. But you need to know enough and have what you need to be the master of your own cybersecurity fate.
Do you want to know more about cybersecurity risks in your business, and how to counter them? I will be happy to discuss this with you further.