pro vs react

When it comes to cybersecurity, are you proactive or reactive? I think it is safe to say that most IT leaders strive to be proactive in managing their environment. Many try to implement tools which monitor and alert when a device fails or hits a resource threshold. But from a security perspective, too many organizations continue to deploy basic, “traditional” defenses and simple employee usage policies, and hope for the best. With cyber-attacks on the rise, we all know that the traditional approach is no longer enough.

I am quite certain that for many business leaders the answer is “we don’t have the resources or budget for that this year” …and they spin the wheel of chance.

As cybersecurity experts, it is frustrating to find out that a client has been breached, even though advice, information, and recommendations on how to strengthen their security posture have been provided. Rather than proactively address the risk, they are forced into reactive mode and scramble to manage the fallout of a breach.

It is understood that good cybersecurity solutions can be expensive. But there are many facets to protecting the environment, which extend beyond technology. Information security policies, employee awareness training, asset management and software patching are all fundamental components of cybersecurity maturity. All organizations should begin by understanding industry best practices and acknowledging their gaps. This approach allows the organization to develop a focused strategy which can be used to address high-risk areas and budget for missing technology. Business leaders are seeking reassurance that the environment is “secure” or that there is a plan to mitigate risk.

What are your thoughts on this?

 

 
