Your CISO / security admin will probably disagree. What about you?
If that statement takes you aback then perhaps ask a CEO for their candid thoughts on the topic. From the perspective of most businesses, Cyber Security is a necessary but largely unwelcome daily function that is presently nowhere near as effortless or as discreet as it should be and way more expensive than ‘spending a penny’. No matter how much we rhapsodise about the virtues of Cyber Security, to The Business, we might as well be explaining the function of the U-bend. They are simply not interested and frankly would prefer to avoid the topic altogether – that in itself is a strong message we should heed.
Look at the advertising for CyberSec services and, as an industry, we appear unable to articulate the fundamental business value in simple, quantitative terms of risk and cost. Instead we constantly drag the customer into our realm, necessitating they understand our technology and security lexicon. Their pain does not stop with the language. For all its impressive technical capability, from a business perspective CyberSec is operationally in the dark ages – high fixed costs, too much exposed complexity and a requirement for a ‘tar.gz’ of indubitable geeks skilled in the black arts to manage and integrate.
We are not here by happenstance – CyberSec is like this for a reason and it’s because of what we choose to interpret as the problem to solve. We need to stop for a while and look through the lens of The Business. By doing this we will see the challenges they see in the language they use. We need to humble ourselves and realise that for all our technical prowess what The Business really wants with CyberSec is something of a janitorial experience – minimal engagement, a secure and reliable lock to avoid embarrassment, single button operation that anyone can work and to pay by use, in pennies.