|Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.
||There is no question that businesses need a robust Cyber Security approach — the ongoing attacks against businesses of all sizes, and even high-profile individuals like Facebook owner Mark Zuckerberg, make that clear. But do companies have the right Cyber Security approach??
In general, there are two basic ways to model a Cyber Security approach: with a Pen or Pencil strategy. Think of it this way — when something is recorded in ink, the decision is permanent. A choice is made and the decision is locked in. On the other hand, when a pencil is used, there is room for improvement even in a long-term commitment.
If a business owner wishes to take the Pen approach and lock in the initial Cyber Security approach, which may be fine. But if they want the option of adjusting their Cyber Security decisions at some point in the future, with the Pencil approach, erasing their existing controls and making adjustments with proper change controls will be a fairly simple task.
The decision between the Pen or Pencil strategy for a Cyber Security approach carries profound consequences. It is the choice of whether you will lock yourself into a set of security practices and forget about long-term strategy or remain flexible and respond to new events. This issue is particularly important now as cyber threats become more sophisticated and attack a wider range of targets with a broader array of techniques.
Cyber Security Approach – The Pen Approach
Despite this growing danger, some business owners prefer the Pen approach. They believe the Pen approach allows them to focus on growing their company instead of diverting valuable resources and their attention to IT issues. Expenses may also be an issue. Since some business owners view Cyber Security as a cost center and do not want to pump in more than the bare minimum of funds. For that matter, it is not unusual for an internal IT department to adopt a kind of “lay low” mindset in the interest of self-preservation. If the IT department is not seen, it is less likely to be scrutinized during a round of budget cuts.
But before a company adopts the Pen approach and locks into a cyber-protection track, some implications should be considered. One issue is that communications with the IT service management or internal security team will be reduced since the Pen approach removes opportunities to make changes to a security protocol. Consequently, the Pen approach constricts a business’ ability to adjust protocols to comply with evolving best practices and Cyber Security solutions. The Pen approach may align with a person’s personal risk profile, but is an issue when a business is subject to regulatory guidelines requiring updates.
Additionally, the Pen approach to Cyber Security approach cannot scale with the growth of a business. As a company grows more complex, the potential exposure to hackers and other bad actors increases — and if the Cyber Security plan that lags behind a business’ growth will result in digital protection gaps.
Cyber Security Approach – The Pencil Strategy
In contrast, the Pencil strategy offers flexibility. It enables IT responses to adjust to the real-time environment as a business grows and as cyber threats evolve. An effective Pencil approach utilizes a combination of firmness — with a commitment to updating, reviewing, and modifying security policies as needed — while remaining flexible enough to recognize, understand and respond to issues regarding new information, new or changed requirements, emerging threats, and updated solutions.
Instead of freezing Cyber Security or IT support services at a single point, the Pencil approach applies the best practices. It constantly processes improvements, ongoing system audits, and tests while also checking for patches and upgrades when necessary. The Pen proponent will remain happy for a time, ignorant of emerging cyber threats until something bad happens. But once a breach occurs, the cost to fix the damage under the Pen approach will cost a lot more than being prepared to begin with.
eCare SOC Security Monitoring
Security Operations Center 24x7x365
MXINSPECT Email Defense
Complete Defense Against Today’s Email Threats