Prevention is better than cure: the most common reasons for implementing cybersecurity solutions

National Cybersecurity Month

Cybersecurity is not something that many companies take seriously until it is too late, says Cloudica CEO Adam Kotecki in this newest post to mark National Cybersecurity Awareness Month in October. 

In his influential Sc-Fi book The Hitchhiker’s Guide to the Galaxy, Douglas Adams describes a mysterious creature that due to its lack of intelligence has a very peculiar way of defending itself. 

Ravenous Bugblatter Beast of Traal (a mind-bogglingly stupid animal, it assumes
that if you can’t see it, it can’t see you—daft as a brush, but very very ravenous) 

I believe that many board members in hundreds of companies behave just like the Ravenous Bugblatter – at least when it comes to devising a solid cybersecurity agenda. They close their eyes and cover their ears. They watch their pennies and are deaf to arguments. They think that somehow things will fall into place on their own. 

A recent report issued by McKinsey & Company says that “few organizations have made sufficient progress in protecting information assets.” 

The report says that the majority of companies today are still in a “foundational” phase of developing a cybersecurity strategy for their company. However, the report adds, there is much more that needs to be done in order to achieve full digital resilience.  

Around 70% of companies are at a stage between reactive, ad-hoc action and reaching maturity. 

There probably won’t be many C-level managers who, after reading this, will conclude that they don’t want to go down this path. And yet, most companies are really only at the beginning of their journey. 

What reasons do I – a cybersecurity consultant – see for such a state of affairs? 

As I mentioned earlier, many companies take the “Ostrich approach” – burying their heads in the ground hoping for the worst to pass. 

Another reason for this apathy is cost. When we discuss budgets or cost estimates, managers once again prefer to close their eyes and hope they will never need to go down that path. 

Because at the end of the day, investing in cybersecurity is like having an insurance policy on your car. The best scenario would be to have the best-ever cybersecurity in place. And never have the need for it!  

Zen and the art of risk estimation 

The best argument to justify an investment in cybersecurity is to find a balance between cybersecurity costs and risks. 

The simple truth is that to estimate such a balance (right in its essence) you need to understand the risk. And this is something that practically no one can realistically estimate.  

In smaller and medium-sized companies, most often we often use a few formulas to come up with an answer which allows us to “have the cake and eat it too”. 

Risk assessment, however, has mainly a practical purpose and is not exclusively a regulatory (ie legal) formality. 

IT assessment is an activity on a “living” organism. It is like a doctor examining a patient. All sorts of things can come out, including those we would prefer to “sweep under a rug”. Often the person carrying out the audit – especially from inside the company – is in some way responsible for the results and is often on friendly terms with the very people responsible.  

This is where the value of an external auditor comes in. Such an expert does not have to fear that such relationships can be damaged. He only has a desire for long-term cooperation. Employing an outside firm to examine the current state is a cost and risk.  

The sad conundrum is that often only a significant failure or intrusion into important systems causes a quick wake-up call. However, I know of cases where even this is only temporary. Once sobered up, the customer forgets about the risk and even starts denying that lightning ever strikes twice. They sometimes support themselves with bad statistics and claim that the chance of another break-in is low. 

My hopes in this area are raised by reports that customer awareness of these issues is rising.  

Hopefully, the mentality of the Ravenous Bugblatter Beast of Traal will disappear and be replaced by factual risk analysis and a thoughtful strategy to implement cybersecurity solutions at a level appropriate to the type of company/data and risks. 


Ready to meet the only technology partner you'll ever need?

Cloudica needs the information you provide to contact you about our services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy policy.

Once the above questions have been answered, a disaster recovery and backup readiness index can be calculated based on the following scale: 

  • Level 1: Inadequate – The organization has significant gaps in its disaster recovery and backup posture.  
  • Level 2: Developing – The organization has some disaster recovery and backup processes in place, but significant improvements are needed.  
  • Level 3: Mature – The organization has a mature disaster recovery and backup posture, but there is room for improvement.  
  • Level 4: Robust – The organization has a strong disaster recovery and backup posture and is well-prepared to address potential disruptions.  
  • Level 5: Exceptional – The organization has a comprehensive and mature approach to disaster recovery and backup. 

The disaster recovery and backup readiness index can be calculated by assigning a score of 1-5 to each question based on the level of readiness demonstrated. The scores are then averaged across all questions in each category to determine the readiness level for that category. The overall disaster recovery and backup readiness index is calculated by averaging the readiness levels across all categories. 

Level 1: Basic
You have minimal cybersecurity processes in place and face a high risk of cyberattacks. Immediate attention and significant improvements are necessary to enhance your security posture.

Level 2: Developing
You have some cybersecurity processes in place but require substantial improvements to reach a mature state. You should focus on strengthening your policies, procedures, and security controls.

Level 3: Mature
You have a solid cybersecurity posture, but there is still room for improvement. You should continue enhancing your processes, monitoring capabilities, and incident response practices.

Level 4: Advanced
You have a strong cybersecurity posture and are well-prepared to address potential threats. However, you should remain proactive and stay abreast of emerging threats and technologies to maintain your advanced level of security.

Level 5: Leading
You have a comprehensive and mature approach to cybersecurity. You are a leader in cybersecurity best practices and continually innovate to stay ahead of evolving threats.

Dziękujemy za rejestrację!

Link do webinaru otrzymają Państwo mailowo dzień przed spotkaniem.

23 Marca 2023

10:00 via MS Teams

Tomasz Woźniak

Thank you!

To download our e-book „The best way to Outsource IT Staff” click button below