Cyber security and cyber resilience — 5 good reasons for talking about it with existing and prospective clients in 2019
Whether you are very advanced on the subject or only just beginning to become aware of it, there are at least 5 good reasons to make security a topic of communication, content marketing and sustainable conversation in 2019.
1/ Company executives have a great need for information on cyber security
Security is a topic on which their demand for technical information and new, inspiring ideas is high. It’s rated the second most important subject by executives of French SMEs, after regulatory changes (Angie/CH2 study, July 2018).
2/ The topic of cyber security involves all management functions
The issue of cyber security is not a risk like any other. It’s transversal, structural. Cyber threats put reputations, operations, finances and people at risk. The topic of cyber security is not restricted to CIOs, CSOs and IT departments. It has to involve a wide spectrum of professions and must be borne by senior managers so that partners, investors and customers are reassured.
3/ Cyber security is changing fast so we have to keep adapting
The “perimetric defence”, approach, which sought to build the Great Wall of China around a company’s digital assets, has had its day. In view of the rising trend for BYOD (Bring Your Own Device) and the growing penetration of the Internet of Things in offices and production sites, the overriding principle is today rather “Zero Trust”, i.e. the starting-point is that there will always be a potential point of entry for an attack. As a result, companies have to learn to cross process and business issues with the basics of security, identify critical points in their organisation and define scenarios that will make them resilient, capable of maintaining their activities or resuming them by reducing the impact of an attack to the minimum.
4/ Employees need to be supported
As the global specialist Bruce Schneier has pointed out, “only amateurs attack machines; professionals target people.” It’s very often human behaviour that compromises the security of an IT system. Weak passwords and poorly controlled use of messaging are examples of obvious entry points for attackers, who always pay more attention to business processes so they are able to exploit them better. How can employees be helped to contribute to an effective cyber strategy? By fighting against two enemies of cyber security. One is carelessness. A survey carried out in 2016 by the NIST and the IEEE shows that over three-quarters of computer users do not believe the subject of cyber security is important and do not know any victim of an attack. The second is powerlessness. The same study reveals that 94% of users are sick and tired of alerts and warnings. So although it is a narrow ridge, we have no choice but to take it, taking care to provide simple, clear, eloquent information adapted to the concrete practices of users.
5/ It is time to begin conversations with employees about cyber security
Experts in cyber security are increasingly indispensable for businesses but there are not enough of them. The Center for Cyber Safety and Education estimates that the IT security sector will provide 1.8 million jobs over the next five years. But people still need to be convinced that jobs in cyber security consist of more than continually staring at a wall of screens in a dark room. This is a caricature that persists even though jobs in cyber security are becoming increasingly varied and rewarding.