Absolute vs. Relative Cybersecurity
“You don’t have to run faster than the bear to get away. You just have to run faster than the person next to you.” – Jim Butcher
The concept above, articulated recently by contemporary author Jim Butcher, has primordial roots. As a species, we are evolved to find safety in numbers and to value conformity over pure reason. This is understandable—for thousands of years, sticking with the group has been a survival strategy.
The idea is found today in the cybersecurity strategies of many businesses. It is not critical to have world-leading cyber defenses, the thinking goes, as long as you don’t have worst-in-class policies. After all, cyber criminals are looking for the “easy score” and, like the bear, will target the weakest companies, even if they could theoretically hack any number of organizations.
Thinking Relatively
This style of thinking, which can be understood as relative cybersecurity, has both positive and negative effects.
On the upside, it encourages organizations to take the first step and put in place minimal security protocols. The move from little to no investment in defense to a complete overhaul can be daunting and deter change. The idea that you only need to “outrun” your neighbors to send criminals elsewhere can make the process of getting started to build better defense easier.
However, the downside is also clear: prioritizing relative cybersecurity encourages businesses to only run slightly faster than the group, rather than achieving truly secure systems.
Becoming Absolute
A better and longer-lasting approach can be termed absolute cybersecurity, assembling the tools, knowledge, and company culture that makes your organization highly resistant to determined attacks.
To return to the prior metaphor, the goal should be to be bear-proof, not just hope the threat will choose to pass you by.
Here are some tips to think in absolute terms:
1. Assume that you will be targeted.
Don’t fall for the trap of thinking that “it can’t happen here.” Don’t view cybersecurity improvements as “checking the box.” Be focused on what you can do to harden your posture against a real and present theat. This isn’t unrealistic—over 20% of hotels have already become victims of a data breach.
2. Follow expert guidance, not industry averages.
The metric for success should be the opinions of those trained in the field, not the median of how peer companies behave. Frameworks like NIST, PCI DSS, and GDPR have been were developed over years with input from the leading experts in the field of cybersecurity. Dedicated experts are far more reliable than individual IT departments that tend to be overwhelmed by day-to-day threats.
3. Build a complete package.
The strongest cyber defenses rely on a “layered approach” that includes a robust human firewall, state of the art endpoint protection tools, log and threat monitoring, and ongoing expert advice. You goal should not be to simply build a passable defense; it should be to develop one that is resistant—a posture that can effectively protect against targeted attacks.
Feeling overwhelmed? Don’t be. VENZA and CyberTek are here to help. Cybersecurity is complex, but in partnership with us, your company can get started in as little as one month. Get a live demonstration today by contacting our Customer Success team.
Ready to elevate your game? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.
***
Take VENZA’s free Phishing Test to assess gaps in your human firewall today!
Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.
***
Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.