Fear, Uncertainty, Dread, And You

Fear and uncertainty and dread sell. 

You have a lot to fear, there is always uncertainty, and therefore you dread. It's how your brain is wired.

Don't fight it. Instead, manage it.

Let's think about this from a cybersecurity perspective.

Leaders or managers: Does your company have business dealings regarding socially controversial products (e.g., guns or alcohol or tobacco)? Does it have supply chains or significant exposure in "global hot spots" (Eastern Europe, "blood diamonds," use of potential child/slave labor, rare-earth minerals mining, or gas pipelines over tribal lands)? Does your company publicly support political causes/candidates?

If so, your company can be targeted by people who are against that -- whatever that is.

Investors: Does your model involve disrupting or closing business? Do you do business with countries with less than stellar reputations for, you know, human rights, etc.?

If so, your company can be targeted by people who are against that -- whatever that is.

No judgment here. 

Remember what we said about how cybercrime comes in many different forms. That means your continuity of operations plan needs to prepare for, and be verifiably robust relative to, multiple potential cybersecurity issues.

Instead of fear and uncertainty and dread, let's get re-focused on facts.

Fact: just because "nothing happened" doesn't mean you are not being attacked by external gangs trying to disrupt your operations.

Fact: you are being targeted right now by insiders. That's right, people with access to your systems, to whom you send a paycheck or a performance bonus, who attend your company parties and sit in on your business meetings, maybe even that person you sit next to at executive retreats -- some small proportion of these people are, right now, trying to disrupt or destroy or steal from your business.

Fact: your uncertainty about the type of attack you face means that you should fear being unprepared to be able to verify that your systems are secure.

Fact: if your systems are breached and then you're sued because let's say a client's information was stolen because your systems were not secured, you will experience significant dread of the discovery process and what it will mean for your company and your own reputation.

Fact: if something happens and your plan did not mitigate or defeat or at least track it, it's your fault -- not theirs.

Fact: you will be targeted by artificial intelligence (AI) agents trying relentlessly to beat your systems. They are getting better all the time, and -- just guessing here -- you are not keeping up.

Spiders do spider things. You need to do cybersecurity risk management things.

Ask us how you can move from BEWARE to PREPARE.