Being proactive about cybersecurity requires effort, investment and a willingness to be inconvenienced. That’s why most take a wait-and-see approach.
Let’s start with the fact that cybersecurity and heart disease are confusing, dangerous and scary topics. So, we desperately try to avoid dealing with what is more comfortable for us to repress. Being proactive about anything — including cybersecurity or preventing heart disease — requires effort, investment and a willingness to be inconvenienced.
That’s why it is only too human to take a wait-and-see approach. After all, why invest the effort when we might never have to endure the trauma? That is the same approach many of us take, whether we are talking about our business or our bodies.
Consider heart disease. Mostly, heart disease is preventable, though many of us live our daily lives ignoring the steps necessary to prevent it. We eat what we want to eat, refuse to exercise, allow stress to consume us, and are shocked when the chest pain comes. According to the Centers for Disease Control and Prevention, an estimated 80% of cardiovascular diseases are preventable. The average American completely ignores the advice. We reach for the cheese dip when the salsa alone would have likely been a better choice.
The mindset that dictates how most of us approach our health also drives how we view cybersecurity. It is natural to avoid a topic so big that we believe there is nothing we can do to influence it. As with most things ignored, every day without tragedy builds an even stronger false sense of security. That false sense of security then blurs the difference between the words “preventable” and “inevitable.”
A few weeks ago, the world experienced one of the largest hacks in modern email history. A Chinese nation-state group known as “Hafnium” exploited four vulnerabilities in Microsoft’s on-premises Exchange Server software. Your corporate email and calendar information likely flows through such a system. According to the security company Volexity (credited with identifying some of the issues), the attacks started in January. Attackers installed and used software to take email data. Anyone running on-premises Exchange servers could have been, and likely was, affected. Conversely, users relying entirely on Microsoft’s 365 cloud-based system were not.
Things happen. There will always be cybercriminals and other nations that attempt to weaponize IT to achieve their goals. The real issue is more extensive than this latest compromise. The real problem is the mindset of heart disease.
Businesses of every size must wrestle with the economic realities and operational mandates of cybersecurity. Given the human tendency to think “it won’t happen to me,” businesses have a porous IT environment with little oversight, and operating principles and policies that are grossly out of date. While some of these attacks will not be preventable, the destructive effects can always be managed and mitigated. The mindset of “we’ll deal with it when it happens” is reminiscent of how many treat physical health. I have started viewing the issue as a cyber/heart disease. That mindset can put you out of business.
Getting ready for a “new world order” demands constant monitoring of cybersecurity for both your family and your company.
If you only think about cybersecurity when a breach or vulnerability hits the news, you are at risk. Make a plan and follow it even when it is not convenient. It is time businesses got serious about changing the mindset behind their approach to cybersecurity. Let’s turn our thoughts into action; celebrate a new cyber plan. Then get outdoors for some exercise. Your heart and your business will thank you.
Mark Hodges is vice president of sales and client management of Arkansas IT services firm Edafio Technology Partners. The opinions expressed are those of the author.