All the millions spent on cyber defense will not protect you. You will most likely not prevent a breach by a determined "bad actor". No firewall, SEIM, UBA, SOC or any other tool or programs you've implemented so far can protect you from prevailing threats; certainly not an insider. So what do you do to ensure you stay open for business? How do you manage the exploding cyber risk?
If security is a myth. And compliance with prevailing standards, (e.g. NIST) only ensures you've given hackers a (pretty easy) road map into your enterprise. What factors determine whether you stay open for business?
5-factors organize how you plan to survive in the cyber threat ecosystem:
1. Team, Talent, & Culture -- How you infuse cyber into hiring, organizational design, training, leadership, and company culture/ethos.
2. Architecture & Tools -- What tools you select and how they are integrated to ensure an agile, sustained, and robust challenge to threats.
3. Process & Policy -- How you design and enforce the machines and practices that keep your business operating, your data protected as an asset, and your business engaged with your markets.
4. Information Resilience -- How you permit, mirror, and manage interaction with data. How you have modularized or compartmentalized your business to ensure no single threat can conceivably take your enterprise off-line.
5. Threat Intelligence -- The degree of sustained awareness you maintain to ensure you understand the nature, vector, and degree of likely threats to your business.
Your ability to design your business, your technology platforms, and your culture to ensure the most positive cyber posture in each of the above factor areas is what sets you apart from your competition. Any further complexity in organizing frameworks or nuance is deminimus and will likely die during implementation under it's own weight.
If you can address the cyber risk from top down in ways that other risk pools are addressed, you'll likely survive to face other business challenges. You will organize, lead, and improve your business to ensure you have done enough to make you relatively less attractive than other potential hacker targets. You will assume reasonable risks in terms of pushing information to your market and encouraging the market to interact with your business. You will rationalize and simplify your tools and processes to a sound set of robust capabilities, the outcomes of which you will measure on a sustained basis in business terms.
The cyber battlefield is where the game of life and business is now played. You and your business can't reasonably opt-out of engaging with customers on that battlefield. You will ensure your team is prepared to engage in the defense of your and your customers' information. The cyber threat is persistent and growing in terms of volume and complexity. Your ability to to thrive in this environment will be deterministic of your market position and possibly your very existence. Play to win.