Forget the search for cybersecurity perfection [Commentary]

Capture.jpg

“Perfection is the enemy of accomplishment.”

Variants like this abound of the aphorism popularized by Voltaire, “Better is the enemy of good.” The general thought has existed since the time of Aristotle and even Confucius and likely even before them. I personally like this version, but it’s the thought that counts.

In today’s political landscape, progress on numerous issues seems to be held hostage by those who only support measures that conform to every jot and tittle of their personal wishes. Headlines and quotes abound while progress on significant issues, including healthcare, education, and legal reforms are blocked by those seeking perfection. Of course the founding fathers purposefully designed a government that would enhance debate and disseminate power, “…in order to form a more perfect union.”

Delays We Can’t Afford

Today’s cybersecurity threat environment, however, does not allow us unlimited room to maneuver. Untimely delays increase the damage and cost associated with these threats. Cybersecurity threats, inclusive of all forms, are some of the most powerful and potentially destructive things we’ve faced in a generation or more, but we’re stuck debating the “perfect” way to respond.

While we wait, and debate, we remain at the mercy of those who are set on disrupting, stealing, and destroying the world that we’ve spent so long creating. I’d even go so far as to say that many of our leaders and decision makers have buried their heads in the sand to the reality of cybersecurity threats.

To borrow from Aldous Huxley, “Facts do not cease to exist because they are ignored.” It’s a brave new world, indeed.

Cybersecurity is a Journey

Stories from the recent past about information theft from the CIA, NSA, OPM, Target, Yahoo, Home Depot, Aramco, and the DNC are all examples of the current threat landscape. The lack of attention to cybersecurity health and concomitant threats involve every aspect of our lives, our culture, the political environment, commercial entities, and our national security.

I was in a meeting recently where government leaders stated that they needed to wait on the current administration before improving on their insider threat and cybersecurity programs. In a different meeting, commercial business leaders confided that they were surprised that they were still being successfully attacked even though they thought they had good cybersecurity programs.

Both groups believed that they had sufficiently invested in appropriate technology and followed their compliance checklists. They all, however, missed what we know to be a security reality. You can’t wait to make improvements, and you can’t assume what worked yesterday will continue working tomorrow. Cybersecurity is a journey, not a destination.

To make things worse, they all ignored the human element and remained focused on technological solutions. Successfully countering the threats we face is not solely an IT problem, even if there is a significant IT component to it. The story begins and ends with humans, and until our leaders grasp and fully comprehend the sum total of the threats they face, we will all be at risk.

Leave Perfection Behind

We live in a crippled world when it comes to securing our information. We don’t counter threats effectively because we’re stuck with the flawed mindset that technology will answer all of our problems. There is no debate and there’s no real parallel in history, as much as I’d like to point to one. It’s going to take a new way of thinking, a new way of conducting our business, and dare I say working with solution providers who don’t just want to sell you another piece of software, but who want to work together with you and understand how their technology will work in your environment, with your data, and for your users and cybersecurity employees. No technology is perfect and you will be breached at some point; it’s better to work with a trusted partner who understands that reality and doesn’t try to convince you otherwise.

Perfection is an illusion; it doesn’t exist. Strive instead to continuously evolve and improve, and leave behind the debate and false expectations that have gotten us nowhere over the past decades.