Blog · 24 Oct 2017

Your cyber security journey: Stage two - 'Worry'

Join Mark Hughes, President of Security at BT, as he continues the exploration of your cyber security journey. This time looking at stage two - 'Worry'.

President, BT Security

Worried about your security?

In my last blog I looked at the first stage in the cyber security journey — ‘Denial’; at how many organisations just can’t see themselves as a potential target — and why that’s a dangerous way to think.

But once you’re past ‘Denial’, you get into the next stage: ‘Worry’. And that’s what I’ll look at in this blog.

Worrying is an important part of your cyber security journey. It’s a dangerous stage (for reasons I’ll explain in a moment), but also a necessary part of your cyber evolution. So let’s get stuck into what this stage means to your organisation, and how to move on from it.

Don’t panic

‘Worry’ is the natural progression from ‘Denial’. Once you’re done denying your organisation has cyber security issues, it suddenly hits you — “we need to protect our networks; how can we do it?”.

The really interesting thing about this stage is that the danger isn’t in cyber attacks — it’s in your organisation’s response to the threat.

This is because the antidote to ‘Worry’ is often spending. Some at this stage see technology as a panacea. Others see answers in new policies, governance and standards, or think that maybe hiring a Chief Information Security Officer (CISO) will help. Either way, the response is to throw money at the problem, and hope it goes away.  

The thing is, all of those solutions are legitimate ways of dealing with the cyber threat — but only if used with care and consideration.

Where next?

My advice for getting safely past this stage is this: don’t panic.

The worst thing you can do is think it’s impossible and not bother. The next worst thing is to spend a fortune on security solutions you don’t need.

The best course of action is to think carefully about your current controls, and assess them in comparison to security best practice. Try to understand if the security you have, can protect your most important assets, and attempt to get your current technology and processes to work in harmony. By all means, invest — but invest with care and consideration.

Moving on

With this done, you’ll be prepared to move onto the next stage: ‘False confidence’.

Keep an eye out for my next blog article, where I’ll delve into what that stage means for your organisation and its cyber security.


Related content


Abwehrsysteme auf nationaler Ebene zur Bekämpfung der Cyberkriminalität

Es ist unerlässlich, dass die Nationalstaaten jetzt Maßnahmen gegen die bisher gefährlichsten Bedrohungen ergreifen.

Mehr dazu auf Englisch

Fünf Schritte, um die Cyber-Abwehr zu perfektionieren

BT image banner
Mehr dazu auf Englisch

Der Weg zur Cybersicherheit: Etappe drei - „Falsche Zuversicht“

Wir haben die Phasen eins und zwei des Wegs zur Cybersicherheit durchlaufen: „Ablehnung“ und „Sorge“. Nun werfen wir einen Blick auf die dritte und vielleicht schwierigste Etappe ...