When It Comes To Cybersecurity, Simplistic Is Anti-Simple

You know the mantras:

"Keep It Simple, Stupid!"

"What if we do nothing?"

"What problem are we trying to solve?"

Most people in organizations try to avoid accountability because they assume something will go wrong and hey it wasn't my fault it was hers.

True story: I know someone in a team meeting whose manager drew a line on a white board, then drew a loopy W on the line. The manager then said: "If you make a recommendation, just remember it's your [three-letter biblical term for a donkey] on the line." Guess how effective that was for idea generation. But hey the manager kept his job.

Cybersecurity is not simple, but addressing it won't work if your approach is simplistic. In other words don't confuse a simplistic solution with a simple solution.

Simple solutions clarify situations that meet your needs. Simplistic solutions seem "smart," but they require re-work and revision and aren't quite right and don't quite fit.

Facts are facts:

*if you have devices that create connectivity to the Internet or to a phone grid, you need a cybersecurity risk management plan

*if you have a cybersecurity risk management plan, you need to demonstrate that it's working

*in order to demonstrate that the cybersecurity risk management plan working, you need to audit the plan's results.

Cybersecurity is not simple but planning is simple. As a manager, you need to ask and answer two simple questions:

*what do you value, and how does your cybersecurity risk management plan protect what you value?

*how will you know whether your cybersecurity risk management plan protects what you value?

Here are two simplistic questions to avoid:

*what if we do nothing?

*what problem are we trying to solve?

Pythia Cyber is here to help you ask the right questions. If you don't ask the right questions you will get the wrong, but simple, answer.

Ask us how Pythia Cyber can work with you to define what cybersecurity investment is best for your situation to create provable cybersecurity ROI.