When ‘No’ & ‘Good enough’ challenge cybersecurity
In the realm of cybersecurity, the path to securing necessary resources is often strewn with obstacles, chief among them hearing the word “no.” This response is not just about budgets, although financial constraints play a significant role; it’s also about convincing leadership of the indispensable value of comprehensive cyber defense strategies. The reality is, every chief information security officer (CISO) will, at some point, face pushback — be it from a chief financial officer (CFO) who is skeptical about the return on investment of a new cyber platform, or a CEO who underestimates the vulnerability of the enterprise, believing a “good enough” EDR or SIEM solution will suffice.
However, the reliance on “good enough” in cybersecurity is a precarious stance at best. In physical security terms, it’s akin to leaving the doors unlocked in a neighborhood where break-ins are rampant. These vulnerabilities are not novel; organizations have struggled to protect against them for decades. Weak passwords and phishing scams have persisted as root causes of security breaches because we have failed to effectively remove shared secrets from the process of verifying users, and social engineering makes it easy to reset or steal credentials.
Advanced cybersecurity capabilities aren’t just technological upgrades; they’re essential defenses against increasingly sophisticated attacks. Without the right tools and resources, organizations — especially those handling vast amounts of data — become significantly more susceptible to cyber threats. The aftermath of a “no” can be dire, transforming potential threats into real, often headline-making data breaches.
Influencing the Organizational Mindset
The challenge, therefore, for CISOs is not only in navigating the immediate impact of these refusals but also in influencing the broader organizational mindset toward cybersecurity. It’s about painting a vivid picture of the potential consequences of inadequate defenses and advocating for the investments that are necessary to mitigate the risks. One recent and high-profile example was a mistaken $25 million payout by a finance worker after being duped by a deepfake video. Very costly errors like this are also why it’s essential to recognize when an impasse may signal a deeper misalignment with an organization’s values and priorities. In such cases, a CISO could find themselves exploring career opportunities elsewhere, whether by choice or by necessity. In either case, you’d want your new environment to be more receptive to, and conducive to, proactive cybersecurity practices.
To read the complete article, visit Dark Reading.