In my last blog I looked at the first stage in the cyber security journey — ‘Denial’; at how many organisations just can’t see themselves as a potential target — and why that’s a dangerous way to think.
But once you’re past ‘Denial’, you get into the next stage: ‘Worry’. And that’s what I’ll look at in this blog.
Worrying is an important part of your cyber security journey. It’s a dangerous stage (for reasons I’ll explain in a moment), but also a necessary part of your cyber evolution. So let’s get stuck into what this stage means to your organisation, and how to move on from it.
‘Worry’ is the natural progression from ‘Denial’. Once you’re done denying your organisation has cyber security issues, it suddenly hits you — “we need to protect our networks; how can we do it?”.
The really interesting thing about this stage is that the danger isn’t in cyber attacks — it’s in your organisation’s response to the threat.
This is because the antidote to ‘Worry’ is often spending. Some at this stage see technology as a panacea. Others see answers in new policies, governance and standards, or think that maybe hiring a Chief Information Security Officer (CISO) will help. Either way, the response is to throw money at the problem, and hope it goes away.
The thing is, all of those solutions are legitimate ways of dealing with the cyber threat — but only if used with care and consideration.
My advice for getting safely past this stage is this: don’t panic.
The worst thing you can do is think it’s impossible and not bother. The next worst thing is to spend a fortune on security solutions you don’t need.
The best course of action is to think carefully about your current controls, and assess them in comparison to security best practice. Try to understand if the security you have, can protect your most important assets, and attempt to get your current technology and processes to work in harmony. By all means, invest — but invest with care and consideration.
With this done, you’ll be prepared to move onto the next stage: ‘False confidence’.
Keep an eye out for my next blog article, where I’ll delve into what that stage means for your organisation and its cyber security.