Talking about cybersecurity in a way that makes clear its value to executives isn’t always easy. CIOs know this challenge all too well; and while you can break it down to show business KPIs (key performance indicators) or the ROI (return on investment) that you get from cybersecurity, or the costs per breached record and the amount of downtime that follows an attack; an actual scenario could be more helpful.
An example of how an attack affects a company’s infrastructure can help both the non-tech executive (to understand the value and importance of cybersecurity in a way that relates to business) and the tech executive (to share a similar scenario to get the support they need to implement a more than average cybersecurity posture). It puts things in perspective from an operational standpoint.
So, let’s say your company gets attacked by malware. The first steps start with your network since it connects everything (management software, devices, clouds, apps, etc.) and enables collaboration and communication between departments. Next, you’ll be looking at the PCs you use, your servers, and applications. Basically, your entire infrastructure will need to be checked, software reinstalled, applications scrubbed, and a final check once everything has been done.
Now, depending on the size of your infrastructure, this process can take anywhere from a week to two weeks or more. In those days you won’t be able to use infected devices and potentially anything on your network, so your operations will have to be managed manually, slowing down everything. The scenario doesn’t sound pretty, does it. Now, imagine a real-life scenario.
Shipping giant A.P. Moller-Maersk shared their real-life experience at the World Economic Forum. They told attendees of how they were forced to reinstall the software of nearly 50,000 devices within their company following the NotPetya attack that had affected their systems. They also added how they had to reinstall software to their entire infrastructure, which involved 45,000 PCs, 4,000 servers, and 2,500 applications. It took them 10 days to complete the process, and even though their employees managed to manually process 80% of the work volume, the NotPetya incident still cost the company $250-$300 million.
What was even more interesting of this shared experience was how the company realized after NotPetya that their cybersecurity capabilities had been only “average” (as their chairman, Hagemann Snabe, put it), and that now the company is determined to improve cybersecurity so that it becomes a competitive advantage for them. Hagemann Snabe also stated how it is time to stop being naïve when it comes to cybersecurity and that it is important to be proactive not only reactive.
Even though many companies are starting to implement the basics of cybersecurity, there is still so much more to do if you’re going to go beyond average cybersecurity posture.
No matter the size of your company or the questions you may have, if you know you need can do more when it comes to cybersecurity let’s chat.
Schedule your free consultation to find out how to get to the next level with your cybersecurity so that it can be your company’s competitive advantage.
Photo courtesy of wutzkohphoto