On Mother’s Day, we take time to think about the women who sacrificed and brought us into this world. It is not just a Hallmark-created holiday but a time to remember and honor the person who was likely more influential in our lives than anyone else. Much of a mother’s wisdom can be boiled down into sayings and a way of looking at things. Applying what mother always said to cybersecurity would be a good primer for many companies.
Tell The Truth. It’s Always Better in The Long Run.
Mom was right. It is human to want to hide the mistakes we have made — from stealing the cookie out of the cookie jar to who broke the neighbor’s window. For a business, it is no different. Owning up to mistakes or failures has consequences. But mom’s advice to be truthful and own it is sound advice in cybersecurity.
A great example of this is Equifax’s now notorious breach, which has cost the company over $4 billion to date. Among the lengthy list of things they did wrong in handling the breach, they also “retracted their statements multiple times and had several other hiccups following their breach.” The longer a company waits to tell the truth about an incident, the greater the reputational damage and the legal repercussions.
If You Don’t Try, You Can’t Succeed.
Cybersecurity is a daunting area that can seem like a black hole. Some companies want to pretend it’s not important, so they don’t have to really put the time and effort into a comprehensive 72-hour response plan or an updated password policy. But if you don’t try, you will never get better at it.
According to the Cyber Resilience study by IBM Security and the Ponemon Institute, 77% of organizations “do not have a cybersecurity incident response plan applied consistently across the enterprise,” and of those who do, 54% “do not test their plans regularly, which can leave them less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.”
If you don’t attempt to tackle the hard issues, time could run out and make those issues your highest priority. By not trying at all, a company is instantly failing.
Life Isn’t Fair.
We want to feel that we are in control and that a level playing field is part of the grand plan, but it is not, in life or in business. It’s not fair that some companies that have not taken cybersecurity seriously still have not had a significant breach, while other companies that spend time, money and energy on their cybersecurity infrastructure are repeatedly attacked. Industry, region, size and services all play a part in who becomes a target. However, there is a huge variable that is just not fair: some companies and organizations get hit harder than others. Mom was right: life’s not fair.
The odds of a cyber attack are unfairly stacked against organizations in the top 6 industries at risk for cyber attacks: Business, Healthcare, Financial, Government/Military, Education and Utilities.
In 2018, a bank in Virginia was hacked twice during an eight-month period. The attackers stole more than $2.4 million over the two events. Both times the hackers gained access via phishing emails. Mom was right that life isn’t fair. But she also always said to learn from mistakes.
Every Choice Has Consequences.
No child or teenager ever wanted to hear this adage. Life was new and exciting, and the last thing a teenager wanted to think about was what the consequences might be for their actions. Young companies can have a similar mentality of not wanting to think about their choices and the consequences those choices have.
In cybersecurity, the choice to not hire a CISO, to not fund employee training or to not pay for legacy software to be updated and supported can have dire and expensive consequences. Companies that choose to be prepared can respond quickly and efficiently to cyber attacks, which can save millions.
Mom knew that life choices had consequences, and in a business context we would be ahead if we thought more about the consequences of cyber risk.
If Your Friends Jumped off A Bridge, Would You Jump off Too?
Different cultures might have a different version of this message, but it is a universal saying of mothers around the world. It speaks to the heart of how following the group is not always the best choice. In cybersecurity, group mentality can lead to dangerous complacency and a feeling of safety. Government agencies often say, “but the Transportation Department doesn’t have to set up their perimeter firewalls that way….”
Mom was right…. And we should remember the messages that we likely heard frequently from her: tell the truth, if you don’t try you can’t succeed, life isn’t fair, every choice has consequences, and would you jump too? These messages can apply to personal lives and also organizations. Mom really did know about cybersecurity…. Who knew?!