Excerpt from Institutional Investor
Keeping a company protected from hacking and data theft needs to be a continuous process, rather than a set of stopgap solutions
By David X Martin
Cybersecurity is not a technical issue. It’s a managerial problem that requires a new approach to risk management.
Imagine going down a river in a rowboat. Water seeps in, and you cannot see below the waterline — or, as it’s called in cyberese, the attack surface. While on the river, you bail the water out, and upon arriving back onshore you patch the most obvious holes. The very next day, you purchase a new product that ensures the bottom of your boat is absolutely water resistant. Now, feeling highly confident that you solved yesterday’s problem, you take the rowboat out on the river again. This time, you go over a waterfall and wreck the boat.
In cybersecurity, it’s simply not a question of what could go wrong today but, rather, what if such things happen tomorrow. That’s why companies need to become intelligence-driven organizations.