Pay Attention: "The Bad Guys Only Need To Win Once"
Familiarity breeds content. It may also breed contempt, but in terms of living your life on a daily basis you have habits that make you content. They are your daily routine: you wake up at a generally consistent time, you get into your conveyance (car, van pool, subway, etc.) around the same time, you eat lunch about the same time, you leave work around the same time, and so on. Maybe on the evening before a weekend you hang out with your pals at a happy hour event. On your weekend you go grocery shopping and of course you have a set time to call your parents.
The point of these familiar habits and routines is to reduce the amount of attention you invest in deciding whether to do something or how to do it. Habitual actions decrease the attention spent on routine activities and free up attention for activities that require it. This is the nature of vigilance.
Because attention is almost like a quantity -- you pay attention, make attention, focus your attention, or lose attention -- vigilance is hard work. Imagine that you are managing a cybersecurity system that requires your constant attention all day; you might be stressed out within hours. So you develop cybersecurity routines, schedules, and safeguards. And you keep up your routines because nothing seems to have happened. You don't adjust your routines. You get comfortable.
There's a reason why airports have security screening systems. No one likes security screening. But as the airport security people put it: "the bad guys only need to win once."
In cybersecurity, the only constant is that there will be increasingly sophisticated risks. Sure, there will always be plain ol' phishing scams -- last week I got a "blast from the past" email about the heir to an investor who needed to store cash in an American bank account; it was so nostalgic -- but these are less effective because we have developed personal vigilance-reducing routines for these sorts of risks: we have email rules that send them to spam.
An effective cybersecurity risk manager should be thinking about these questions: Are you prepared for risks that you haven't encountered before? How would you know? What would you do if your new boss wanted to know how you have mitigated risks?
Drop us a line in the comment section to let us know about the types of cybersecurity habits or routines you use. How effective are they? Where do you focus your attention?
Ask us how Pythia Cyber can help you make cybersecurity vigilance a manageable and effective routine. Remember, the bad guys only need to win once, and that means you need to win every minute of every day.
p.s.: don't forget to call your parents this weekend.