Shark Week on Discovery Channel is undoubtedly one of the television highlights of the summer. Despite the fact that a large percentage of the population may have an extreme (and justified) fear when it comes to these powerful creatures, there is also an unquenchable thirst to see and learn more about them. The world’s oceans are vast places filled with all sorts of interesting and amazing things, but also wrought with peril in the form of these, and other, awesome predators. You could state the same thing about the Internet, although the term “breach” has a vastly different definition. The world is at your fingertips when you are online, nearly anything you would ever want to find can be accessed by a few short keystrokes. But much like the oceans, there are threats you need to protect yourself from and you might not see them until it’s too late.
Now are you likely to encounter a threat every time you venture online or into the water? Most likely no, but does that mean you should be any less vigilant? Absolutely not! When it comes to assessing risk you always need to balance the cost of prevention with the potential for and impact of loss. In the example of the sharks, the loss is pretty obvious and I’m betting that most people heed the warnings seriously and stay clear when it makes sense to do so.
But what happens when you can’t stay out of the water? Today, most businesses rely on networked capabilities to operate. In many cases, if an organization is offline for more than a few hours they are in danger of suffering a significant financial loss. Offline for more than a day or two and they could be on the road to being out of business within a year. So despite the many warning signs that are out there, they have no choice but to “jump in” and deal with the threats.
While it may seem to many of us, myself included, that the hosts of shark week are a little bit crazy to get into the water with these sharks, they were actually taking precautions to minimize the risk of a devastating loss. They avoid entering the water during prime feeding times such as early morning and dusk; they make a concentrated effort to stay clear of the seal population, a favorite food of sharks. In cases where it makes sense, they also implement a steel cage to place a barrier between them and the sharks. There is still a high level of risk to be certain, but they have in many ways, minimized the risk of a catastrophic event.
There are differing levels of risk in cybersecurity as well, some of which, if not handled properly can be fatal to a business. As an organization, you need to identify the assets that are crucial to the sustainment of your business and ask yourself if you have done everything you can to eliminate the risk of loss. A shark can breach and hit that foam seal decoy a hundred times, but it really only matters if it catches the real seal. For your business, you have to identify which of your assets are vital. Have you built the proverbial steel shark cage around these assets? If not, you may want to rethink your security strategy as you continue to venture into the threatening waters of the networked world. Or maybe you’re going to need a bigger boat.
– Mark Hatton, President, CEO