Not everyone understands all of the complex pieces and the economic ramifications of them.
What makes this decision so difficult to require an owner to spend at least 3-4 hours a week on a topic which will not make any money, but will just help you keep running your business. In fact this “expenditure” of resources (time) makes it increasingly unlikely you will be ready for a possible extinction level event.
The problem is a matter of perception – the owner that is running their business has many hats, performs many different functions. The ultimate goal of a business is to sustain itself and grow, make a profit, perform a specific function in the marketplace. The goal of the business does not usually include a strategy to protect the business in case of disaster. That is something that should be done but it is not in the goals of the business.
So to perform the function well and ensure that it is done it will require a concerted effort. Otherwise as the informationweek.com article mentions: “SIM study points to Lax Focus on cybersecurity”
Cybersecurity has become more important, but the ‘paying attention’ department is a difficult one.
To some degree it is a level of understanding – should we meander our way to making things ‘right’? Or should we push and cajole the business owners to do the right thing?
How else to explain this? It is a matter when some systems need to be upgraded instead of just the software patch. (Some patches require a lot of changes). But when one gets a new computer it is sometimes a wrenching change – so this decision is sometimes delayed. This is why a Security Policy is so important by codifying the thoughts and actions of many decisions made and to be done.
The other aspect of Cybersecurity that may be challenging is the ever changing nature of it. Due to constant patch management and End of Life decisions by software and hardware companies nothing in the environment stays the same for very long.
The following image is a small snapshot of what happening in the IT world on a monthly basis.
- Patch Tuesday – (Microsoft releases it’s slew of patches on 2nd Tuesday of month.
- This month Windows7 End of Life, but all devices have an end of life.
- Chinese hacking groups are being uncovered again -(which means there are others)
- Vulnerability management is not easy.
While your business may have marketing and cost challenges due to changes in the world, the IT world is in constant flux of new vulnerabilities, older systems, and many other issues like new adversaries. So to make sure you do not have a disaster in your hands and control this cybersecurity beast it requires 3-4 hours per week in my opinion. Contact Us to discuss