We are too often self-defeating when it comes to cyber security. In part one of this series, we took a hard look at how a lack of ownership and accountability lowers our defenses and increases our risks. In part two, we take a look at our communications breakdowns, our unwillingness to share, and our underestimation of human behavioral change.
We don’t realize the core dynamic has changed
Cyber puts us all on the digital front lines. Everyone, every system, and every device is vulnerable. This disrupts the traditional market dynamics of customers, vendors/suppliers, and competitors. Long-established expectations, tensions, and transactions that created the rules of engagement are being disrupted.
Tried and true business axioms, such as the “customer is always right,” and “the first to market wins,” have shaped how we innovate, communicate, and operate. Cyber security is changing all of that. Cyber attackers are the new player in the market, and they are going after everyone. They exploit our traditional dynamics. Have you ever received a phishing email from someone pretending to be from your bank? The cyber attacker is capitalizing on your trusted relationship. Companies are so busy trying to rush to market that they regularly skip basic cyber security steps. Cyber threats depend on that for their attacks. They hope we don’t share cyber security information or collaborate. They count on that confusion and lag in response time to launch their exploits – more on this later.
The biggest problem is that we don’t realize there is a new dynamic. In the old dynamic, the customer is king, and those who don’t understand that are quickly replaced by those who do. So, when it comes to cyber security, customers naturally have expectations that their vendors/suppliers are fully responsible for protecting them. This is both unrealistic and impractical. The dynamic has shifted from provider-to-consumer to provider-and-consumer vs cyber attackers.
The new cyber world order relies on a much more collaborative relationship between vendors/suppliers and customers. Whether the customer is an individual consumer, or a small, medium, or large enterprise, the dynamic needs to be redrawn. Once a customer purchases a device, service, or even a component, they are accepting responsibility over its cyber security. The provider simply does not have the visibility or control to ensure strong cyber security. This means that it is incumbent on the customer to understand and use cyber security best practices. When a cyber event does occur, the providers and customers need to know how to effectively communicate and collaborate to remediate the incident.