A recent survey by Varonis of 500 security professionals from the U.S., UK, and France highlights the top three cybersecurity concern for 2018: Data Loss, Data Theft, and Ransomware. Sadly, we are overlooking the bigger problems!
Missed the Target by a Mile
I think we are scrutinizing at the small and known threats, when we should be looking forward at the significant risks coming our way. In some ways, it is like the child in the crosswalk who is looking down at their untied shoes, while oblivious to the truck speeding towards the intersection. The top survey results are not surprising, just disappointing.
The Real Threats
Here is what the world should really be concerned about, when it comes to cybersecurity:
Not a Flawed Survey
Sadly, I believe the survey was accurate. This means those professionals who provided answers are only seeing the near-term problems: the very ones they fear most. These issues are annoying, but do not compare to what is just around the corner. The risks are as mismatched as much as the capabilities to prevent, detect, and respond to them. Consider that there are already mature tools and defenses for data loss, theft, and ransomware. They just must be instituted, configured, and maintained to work against most attacks. For the real threats, we are much less capable in our defenses. Granted, the participants may not have many options to choose from, but the answers given may speak volumes about those who voted for these categories. Namely, that they are likely not as prepared for these basic risks as they would like, therefore they fear what they know will come. With their focus on these, they fail to see the long-term strategic picture. That is bad for everyone, except the attackers. Without looking forward, like the child in the crosswalk, they are likely to be surprised when the truck hits.
We Must Do Better
We must think strategically if we want to be prepared and make a meaningful difference.
“Plan for what is difficult while it is easy, do what is great while it is small” – Sun Tzu
If we don’t perceive and understand the big problems ahead, we stand little chance in addressing them early.
Where do you stand? Is your attention only on the immediate and well-understood risks?
Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit