Why No One talks about Cybersecurity in the beginning?
Why No One talks about Cybersecurity in the beginning?
It all Starts with a requirement which makes up a compelling Business Case
A perfect business case starts with a revenue model and target of $ 10 Million YoY and cost of development is approx $ 500K in 6 months.
Statement sounds familiar?? Yesss Absolutely - It makes good Business sense - Why Not and Cybersecurity is Definitely not your Business; So.... Why should anyone talk about Cybersecurity in the Beginning.
The Basics & The Strategic aspects influencing the need for security
- Is your Business relying on technology in any form ?
- Do you use internet for any business purpose - as simple as hosting your website ?
- Does your employees have Company Identities - not just a user accounts ?
If the Answer to any of the above is YES; Not Talking about Cybersecurity then is a Bigggggg Mistake and Be sure that someone would find out sooner or later
Verizon Data Breach Report 2019 says
- 52% of cyberattacks involve hacking - which is no Big Deall these days: anyone can Hack
- 34% of attacks involved insiders - All you need is an Ooops from a Novice employee
- 43% of cyberattacks were on small businesses - out of which a confirmed chunk of incidents total up to 27000
Lets spend a minute to understand What is Cybersecurity and Why we should we think about it? Cybersecurity: simply put - Its a Practice of Protecting Assets in the Virtual World from both intentional and unintentional means. In order to understand Why Cybersecurity: lets review a situation?
If the there is an ATM machine, if anyone is able to find the key; they can just punch in a number and walk away with some cash. Is that called a Crime? - Remember; there are no Rules or law governing the above ATM Machine. What if you can do the same thing - being 5000 miles away from the ATM ...!!! Even if there are laws governing the use of ATM; it may or may not apply to you. Is THIS a Crime? Probably now security would be of a consideration.
A Business situation:
What is an Asset - something of Worth; When in Business - What is your Asset - Lets say; a "Plant Machinery" which runs on "Electricity" Can someone steal it? Neaahhh.. Its Toooo Biggg....
What does it mean to your Business if something goes wrong with it - Company would incur a loss
Do you want to prevent Losses to your company - If Yes; then you need to ensure its Secured ENOUGH!!!
Apply Internet 2.0 to the same Business situation; Replace: "Plant Machinery" = "Web Application"; "Electricity" = "Internet" - - Restart & Re-Do The Same Business
What is an Asset - something of Worth; When in Business - What is your Asset - Lets say; a "Web Application" which runs on "Internet" Can someone steal it - ....????????.....
What does it mean to your Business if something goes wrong with it - Company would incur a loss
Do you want to prevent Losses to your company - Yes; then you need to ensure its Secured ENOUGH!!!
Notice how dynamics change with the New Age Fundamentals
When you are in Business; You or your Business is Producing something of WORTH in some form or the other which at the end is nothing but DATA; that is the New Oil meaning its the new Definition of Asset; The Business will incur losses if this Asset ='DATA' is compromised
- DATA Produced has to be Stored - Data at Rest - What if its Compromised
- DATA to be processed to do business - Data in Transit - What if its Modified
- DATA after serving its purpose has to be archived - Data Retention - What if its Stolen
Are all the above questions answered RIGHT in the beginning - IN THE BEGINNING ????? Furthermore: its a very important aspect to consider whether the Business requirements are being consolidated with regards to an Enterprise Architecture. Now is probably a good time to get a face off with an Enterprise Architecture Model: Example: Zachman Framework
While drafting a business case; first identify your individual Audience categories and then consider all perspectives. The resulting Business Case should then be evaluated on a risk based approach for its Pros and Cons.
At this stage: you should have a got a good idea as to: Why no One spoke about Cyber Security in the Beginning