Cyber is not the solution
Cyber is the problem itself
The word cyber is used as a marketing term for roughly information security related topics. Everything is cyber. We are experiencing a cyber fatigue right now. Adding the term cyber creates no additional value. It is lipstick on a pig.
If you want to create a better environment, you have to face the problem itself. Proclaiming a cyber solution will not help you. It is the headless chicken mode in action. To really improve the situation, you have to face reality.
Management only learns the hard way. The only working KPI is money. Translating risks into real money is key.
How to improve
Most companies spend millions on defending against advanced threats and will be screwed over by a teenager, because they ignored baseline security. Don’t brag about your next gen multi stage SIEM, if you still don’t know what devices belong to your company.
If you are unable find a raspberry pi on your network, please stop telling me, that you are able to stop a bad actor. Being able to analyze, deeply understand and improve business from high-level down to bits and bytes and the other way round is crucial for success. Playing the random ass guess game won’t cut it. Sadly a lot of managers are terrified by that.
Get answers from management!
What are you doing? Why are you doing it? What problem are you trying to solve? Does it matter? Are your goals aligned with the greater good? If you can’t answer these questions, you are doing it wrong. I am looking at you, management!
