COVID-19 changes the game: Now is not the time to risk a cyber-attack.
Earlier ransomware incidents that have affected organisations such as Travelex in the UK or Bouygues in France profoundly question the way cyber security has been managed – historically – in many large firms. And they add their names to an ever growing “hall of shame” which already includes British Airways, Marriott, Equifax and – sadly – countless others.
Large firms with multi-million IT and security budgets should not end up in that mess. Period.
Calling in one of the Big 4 firms to “sort things out” afterwards will not cut it anymore. At the heart of the matter, is not just the need to “do things” (protective and layered “defence-in-depth” measures are well known and have been for decades) but the governance surrounding execution in those firms, the way the prioritisation of security investment was handled over the years, and the cultural and managerial aspects surrounding those.
“We can’t afford this” is an excuse we have been hearing too often with senior executives around security over the years. Many CISOs take it as budgetary constraints. It is simply adverse prioritisation. And if security is not visibly towards the top of the agenda with management, you cannot expect good execution to follow regardless of the investments you make.
One trait many of the firms affected recently by cyber security incidents had in common (pre COVID-19), was their relatively good economic health. Those were not failing businesses chronically losing money or drastically challenged by digital disruption, as could have been the case for example in the retail sector. They were healthy and established market players churning up healthy profits.
How did they use to assess the threats they face? How did they manage their levels of exposure or protection against those? How did they determine the investments necessary to ensure adequate protection?
Clearly, not very well…
One thing is certain: They were not really short of cash – at the time. It may be a simplistic view from a CFO perspective, but the reality is that – post breach – money invariably used to appear out of nowhere to get things “fixed”.
That’s the most pathetic part of all those incidents: Shameless executives, who previously would have argued that they “could not afford” security measures, handing out millions in search of non-existent quick-wins or technical silver-bullets. And shameless tech vendors and security “consultants” lining up, without for a second daring to tell their clients what they need to hear: Buying more tech won’t help you, until you address the cultural and governance attitudes which have led you in that mess in the first place: Endemic short-termism, cognitive biases, or frankly in some cases, threat ignorance and lip service to compliance requirements.
Of course, once the entire business has been down for several days, priorities are put into perspective and mindsets change, but for how long?
Across the street, various competitors or suppliers would have been rattled and may also start thinking differently, but again, for how long?
Once the dust has settled, losses are just losses; they may not please the shareholders, but in a context where many things could go wrong for large firms, do they really matter if the health of the business is strong? For St Gobain, Maersk and others – badly hit by the 2017 NotPetya outbreak – lost sales associated with the cyber-attack were estimated in the hundreds of millions and direct costs related to crisis in the tens of millions. Unpleasant, not invisible but manageable – in good times – on an otherwise healthy multi-billion balance sheet.
Frankly, those days have gone. The COVID-19 crisis changes the landscape totally around cyber-attacks, and that type of cynical approach now borders on plain negligence.
Which business can now afford “not-to-afford” good cyber security measures, in a context where most remaining activity has shifted online, and we are all dependent on digital services?
Security has become essential to keeping the lights on, and nobody can risk a cyber attack in the middle of all this. At the same time, cash has become precious and the business outlook is unclear.
But prioritising against security spending seems unreasonable, even in the face of massive cost reductions, and in particular in organisations where current cyber maturity levels are low.
Now is the time to look at those maturity problems in the face and to focus the scarce resources available where they will have most impact. But cutting security spending to the ground in the midst of the COVID-19 crisis would be disastrous.
This piece of writing will help the internet people for building up new webpage or even a weblog from start to end.| Em Guntar Fujio
Love the energy in your blog. If you were to have a Spirit animal it most likely would be a butterfly. Helga Zolly Bosson
I literally just spent 4 hours waxing my hairy Persian arms. Doretta Angel Secrest
Improve him believe opinion offered met and end cheered forbade. Friendly as stronger speedily by recurred. Son interest wandered sir addition end say. Manners beloved affixed picture men ask. Explain few led parties attacks picture company. On sure fine kept walk am in it. Zsa Zsa Bran Forest
Out of the frying pan into the fire.
The gods sell all things at a fair price.
Hey, you used to write magnificent, but the last few posts have been kinda boringK I miss your super writings. Past few posts are just a little bit out of track! come on!
My spouse and I absolutely love your blog and find the majority of your post’s to be what precisely I’m looking for. can you offer guest writers to write content for you? I wouldn’t mind composing a post or elaborating on a lot of the subjects you write about here. Again, awesome site!
Have you ever thought about including a little bit more than just your articles?
I mean, what you say is fundamental and all. Nevertheless
imagine if you added some great graphics or video clips to give your posts more, “pop”!
Your content is excellent but with pics and video
clips, this website could certainly be one of the greatest in its field.
Superb blog!
Hello to all, it’s really a nice for me to visit this site, it contains valuable Information.
Nice answer back in return of this matter with genuine arguments and describing everything concerning that.
Hey there! Quick question that’s entirely off topic. Do you know how to make your site mobile friendly?
My weblog looks weird when viewing from my iphone4. I’m trying to find a theme or plugin that might be able to resolve this issue.
If you have any suggestions, please share. Thank you!
Hi there to all, for the reason that I am in fact keen of reading this blog’s post to be updated daily.
It includes nice stuff.
I am really impressed with your writing skills and also with the layout
on your weblog. Is this a paid theme or did you customize
it yourself? Either way keep up the excellent quality writing, it’s rare to see a nice blog like this one
nowadays.
It’s awesome in support of me to have a web site, which is useful for my experience.
thanks admin
It’s wonderful that you are getting thoughts from this paragraph as well as from
our argument made here.
What you composed was very logical. However, think about this, what if
you added a little content? I mean, I don’t wish to tell you how to run your blog,
however suppose you added a headline to maybe get people’s attention? I mean Can you still Afford “not to afford” Cyber Security?
– CIO WaterCooler Consultants is a little vanilla.
You ought to glance at Yahoo’s front page and see how they create news headlines to
get people interested. You might add a video or a related picture
or two to grab readers excited about what you’ve got to say.
In my opinion, it would bring your posts a little bit more interesting.
Good day! Do you use Twitter? I’d like to follow
you if that would be ok. I’m definitely enjoying your blog and look forward to new updates.
Incredible! This blog looks exactly like my old one!
It’s on a totally different topic but it has pretty much the same page layout and
design. Great choice of colors! quest bars http://j.mp/3C2tkMR quest bars
Hello there, I discovered your web site via Google while looking for a comparable matter,
your site came up, it seems to be good. I have bookmarked it
in my google bookmarks.
Hello there, just turned into aware of your weblog thru
Google, and found that it is really informative.
I am going to watch out for brussels. I will be grateful
if you happen to continue this in future. Many people will
likely be benefited out of your writing. Cheers!
asmr https://app.gumroad.com/asmr2021/p/best-asmr-online asmr
Hey great website! Does running a blog like this require a large amount of
work? I’ve very little expertise in coding however I had been hoping to start
my own blog in the near future. Anyway, should you have any ideas or tips
for new blog owners please share. I understand
this is off subject however I simply had to ask. Thanks a lot!
scoliosis surgery https://0401mm.tumblr.com/ scoliosis surgery
My family members all the time say that I am wasting my time here at web, however
I know I am getting knowledge every day by reading thes fastidious content.
quest bars https://www.iherb.com/search?kw=quest%20bars quest bars
Nice weblog here! Additionally your website rather
a lot up very fast! What host are you using? Can I am getting your affiliate link
in your host? I wish my web site loaded up as fast as yours lol cheap flights http://1704milesapart.tumblr.com/ cheap flights
Hello! I just wanted to ask if you ever have any problems with hackers?
My last blog (wordpress) was hacked and I ended up losing
many months of hard work due to no backup. Do you have any methods to protect against hackers?
scoliosis surgery https://coub.com/stories/962966-scoliosis-surgery scoliosis surgery
You could definitely see your skills in the work you write. The world hopes for more passionate writers like you who are not afraid to say how they believe. Always follow your heart.
This page certainly has all of the info I wanted concerning this subject and didn’t know who
to ask.
You could certainly see your skills in the work you write.
The arena hopes for more passionate writers like you who aren’t afraid to mention how they believe.
Always follow your heart.
I would like to thnkx for the efforts you have put in writing this blog. I am hoping the same high-grade blog post from you in the upcoming as well. In fact your creative writing abilities has inspired me to get my own blog now. Really the blogging is spreading its wings quickly. Your write up is a good example of it.
Whoever digs a pit for his neighbor should dig it his own size.
I went over this site and I believe you have a lot of good information, bookmarked (:.
I like this website so much, saved to bookmarks. “I don’t care what is written about me so long as it isn’t true.” by Dorothy Parker.
After looking over a number of the blog posts on your web site, I honestly like
your way of blogging. I bookmarked it to my
bookmark site list and will be checking back
in the near future. Take a look at my web site too and let me know your opinion.
Hi! I’ve been reading your website for a long time now and
finally got the courage to go ahead and give you a shout out from Atascocita Tx!
Just wanted to say keep up the fantastic work!
Your place is valueble for me. Thanks!…
I have read some good stuff here. Definitely worth bookmarking for revisiting. I surprise how much effort you put to make such a magnificent informative web site.
That is the correct blog for anyone who desires to find out about this topic. You realize a lot its almost arduous to argue with you (not that I really would want…HaHa). You positively put a brand new spin on a subject thats been written about for years. Nice stuff, simply great!
I’m impressed, I have to admit. Rarely do I encounter a blog that’s both educative and
amusing, and let me tell you, you have hit the nail on the head.
The issue is something which not enough folks are speaking intelligently about.
I’m very happy that I found this in my search for something regarding this.
Greetings! Quick question that’s entirely off topic.
Do you know how to make your site mobile friendly?
My blog looks weird when browsing from my iphone 4. I’m
trying to find a template or plugin that might be able to
correct this problem. If you have any suggestions, please share.
Thank you!
Very nice post. I just stumbled upon your blog and wanted to say that I
have really enjoyed surfing around your blog posts.
In any case I’ll be subscribing to your rss feed and I hope you write again very
soon!
I was very pleased to uncover this great site. I need to to thank you for your time just for
this wonderful read!! I definitely enjoyed every little bit of it and I have you bookmarked to check out
new information on your blog.
Generally I don’t learn post on blogs, however I wish to say that
this write-up very compelled me to check out and do so! Your writing taste has been amazed
me. Thanks, quite great post.
Thanks for sharing superb informations. Your site is very cool. I am impressed by the details that you have on this site. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for more articles. You, my friend, ROCK! I found simply the information I already searched all over the place and simply couldn’t come across. What an ideal site.
When some one searches for his required thing, so he/she wants to
be available that in detail, so that thing is maintained over here.
Wow that was odd. I just wrote an really long comment but after I clicked submit my comment didn’t
appear. Grrrr… well I’m not writing all that over again. Anyhow, just
wanted to say superb blog!
It’s great that you are getting ideas from this article as well as
from our discussion made here.
I like the valuable info you provide in your articles.
I’ll bookmark your blog and check again here frequently.
I’m quite certain I’ll learn many new stuff right here!
Best of luck for the next!
Hey! This is kind of off topic but I need some advice from an established blog.
Is it difficult to set up your own blog? I’m not very techincal but I can figure things out pretty quick.
I’m thinking about creating my own but I’m not sure where to begin. Do you have any tips or suggestions?
Appreciate it
This excellent website truly has all the information and facts I wanted concerning this subject and didn’t know who to
ask.
We are a bunch of volunteers and starting a new scheme in our community.
Your site provided us with valuable info to work on. You’ve performed an impressive task and
our whole community can be grateful to you.
Today, I went to the beachfront with my kids. I found a sea shell and gave it to
my 4 year old daughter and said “You can hear the ocean if you put this to your ear.” She placed the shell to her ear and
screamed. There was a hermit crab inside and it pinched her ear.
She never wants to go back! LoL I know this is completely
off topic but I had to tell someone!
Great blog! Do you have any hints for aspiring writers?
I’m planning to start my own blog soon but I’m a little lost
on everything. Would you propose starting with a free platform like WordPress or go for a paid option? There are so many choices out there that I’m
totally overwhelmed .. Any ideas? Kudos!
Good day! I simply would like to give you a huge thumbs up for your great information you’ve got
right here on this post. I am returning to your site for more soon.