Cyber Security Policy: To Impose or Not to Impose?
Educate teenagers about the ill-effects of drugs and chances are they might refrain from doing them. On the other hand, ‘order them’ not to do drugs, and chances are they might become lifelong addicts. The same principle applies when it comes to framing cyber security policies as well. Considering the ever-evolving IT security threat landscape, an overly stringent cyber security policy (which may irk your employees) does not necessarily mean your organization is safe from hacking forever. At the same time, an overly easy-going cyber security policy may serve as a welcome sign for hackers.
So, what is the solution? It’s best for IT security policy architects to tread the middle ground when it comes to framing cyber security policies.
Cyber Security Policies: Do We Need Them?
Certainly. No doubt about that. With the recent spate of cyber attacks – with WannaCry ransomware crippling Britain’s NHS services and Petya reducing shipping giant Maersk to using ledgers – the need for a security policy which can ward off dangerous cyber attacks is greater than ever. Now the question is: How do you go about configuring these cyber security policies?
Moderation is the Key
Hackers will always find new ways to hack. Every evolving security technology is just another barrier which they’ll break over time. So an overly stringent cyber security policy is never the answer for countering your IT security threats, because no cyber security policy is – or will be – foolproof for long. Instead, the focus should be a well-thought-out “contingency plan” which will assist you if and when the hackers strike. In other words, ‘disaster prevention’ should be the crux of your IT security policy.
Resilience is the Future of Cyber Security
“Life is not about how many hits you can give but rather it’s about how much you can take and still keep moving forward”, goes a quote from the movie Rocky Balboa. This quote could well serve as a guideline for IT security policy architects as they frame cyber security policies. Resilience and recovery are critical factors which simply cannot be avoided, especially considering the number of unresolved or unpunished cyber attacks.
Remember the Tortoise Vs Hare Tale?
Would you like to be the slow-paced tortoise which worked steadily without giving up and eventually won, or the complacent rabbit? The idea is that even a simple cyber security policy rooted in security best practices can sometimes serve better than a sophisticated, costly cyber security policy which blankets too many things. Believe it or not, you can win this race against hackers. The key is to take things slowly and steadily.
The Bottom Line Is….
The cyber security measures you take should make your organization more resilient and should not introduce unnecessary hindrances in the way your organization functions. Because who knows, the cost of a cyber attack might very well be outweighed by the productivity loss and business costs you may incur due to an ill-planned cyber security policy. So plan wisely. Execute meticulously.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance, Offensive technologies, etc. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.