
Don’t Expect Cybersecurity to Work in Firms where Nothing Does | by JC Gaillard | Security Transformation Leadership | Jan, 2024

I have written at length about the difficulties many large organizations encounter with cybersecurity, and their endemic execution problems when it comes to protecting themselves from cyber threats.

While the diagnostic is relatively clear in my view, there is one aspect that needs repeating, and frames the entirety of the problem in many firms.

You cannot expect cybersecurity projects to deliver in firms where projects — in general — don’t deliver; where there is no accountability against original objectives; where no-one looks beyond alleged quick wins in ANY project.

With business projects, in the end, it all boils down to well-established business concepts: return on investment, customer acquisition costs, time to market, etc. You kill or stop (or reframe) a project when it costs too much, goes too slow, or because business priorities have shifted. You simply cut your losses and everyone moves on. It happens all the time, and those decisions may involve multi-million investments; amounts many CISOs would like to have at their disposal in those firms, and which dwarf the costs of most cybersecurity initiatives.

Some firms are in constant upheaval, constantly churning out new initiatives in spite of whatever may be already underway, constantly killing or repositioning ongoing projects.

For some, it’s simply their way of working, taking to an extreme the Zuckerberg “go-fast-and-break-things” principle. This is often seen as a sign of good business health and a strong market; as long as there is growth and profits are good, the guys upstairs won’t really care.

At the other end of the spectrum, some firms exhibit similar symptoms for the opposite reasons: because they are struggling to keep the lights on and are constantly juggling with existential threats.

Don’t expect cybersecurity projects to do well where what I have highlighted here is the dominant business mindset.

