The myth cyber security professionals allow

I am starting a new cyber security consulting firm called Element Security Group, so of course I am working with a bunch of wonderful marketing folks and going through their processes for creating marketing copy. I often enjoy this process as it really helps to clarify my offers, but this time around something is off.

I keep seeing copy that says things like “we keep you safe from hackers”.  Safe from hackers?  That’s ridiculous.  Businesses are complex systems made up of processes, software, data, and people.  The more of those four things a company has the more likely a hacker will find a way in.  Something WILL go wrong.  Something goes wrong in every other aspect of your company so why do people think this business system will be any different?  Then it hit me.

It’s the Cyber Professional’s fault.

Yup.  I wouldn’t say we have been lying to you all these years but we sure haven’t put the effort in to show you the big picture.  It’s because we like having the right answers.

You ask “How do I secure my website?” and we show you how.

You ask “How can I be PCI compliant?” and bam!  PCI loves you.

You ask “How do we avoid clicking on bad stuff in email?” and we train your people and install filtering software.

Now you believe you’re safe because you don’t have any more questions and the sales guy hit his quota of product / service XYZ. So you give a referral and the general sense of goodwill and safety spreads through the business world.

Meanwhile the cyber professionals know you’re not safe, but most of us are introverts and no one asked us about the big picture, so we don’t say anything.

Folks, the truth of the matter is the business owner needs to take responsibility for the business system of cyber security just like they did for sales and marketing. I’m sure you’ve bought a bunch of marketing tools and had no idea what worked and what didn’t, but you felt good because you were doing something. The end result was no new leads.

How did you fix it for marketing?  You took a step back and made a plan that took into account everything.  You stopped buying point solutions and actually put a system in place.

This is the myth: you can buy a bunch of products and services and keep the hackers out. The truth is you need to build a system that will limit the damage and recover quickly after the hackers get in.

Adam Anderson

Adam Anderson is the author of Built to Survive: A Business Person's Guide on How to Recover and Thrive After a Cyber Attack. Adam’s 15 years of entrepreneurial startup experience and his knowledge of Enterprise Cyber Defense give him a window into what’s wrong with communication between large and small companies. He combined this knowledge and the good works from the National Institute of Standards and Technology’s Cyber Security Framework to co-author the book “Small Business Cyber Security”. This book was later turned into an online class by Clemson University. Adam has been active in peer advisory boards for small business CEOs. He took this experience and co-founded a peer advisory board for Chief Security Officers of Fortune 500 companies. This mix of small and large businesses has positioned Adam as one of the few people in the world to understand the complete supply chain of cyber security.