Cybersecurity and the Power of Belief

Jan 2, 2020 8:00:00 AM

Ryan Wallace

How Rethinking Your Public, Private, and Core Beliefs Can Improve Your Cybersecurity Posture

“Belief” Defined

It should come as no surprise to us that belief drives everything we do as humans. In honor of the New Year and resolutions, I’d like to bring a little philosophy to the table and show you how it can improve your organization’s cybersecurity posture.

Michael Novak, a renowned philosopher, journalist, and diplomat, proposed that people really have three layers of belief that drive what they do and how they act.

  • Public - What you say you believe (what you tell others)
  • Private - What you tell yourself you believe
  • Core - What you actually believe (how you act + what you do)

Let’s take a real work example: my own.

Publicly, I talk a lot about how we should always be focused on bringing the client value in everything we do. Privately, I tell myself that I brought value to the client on a recent engagement with this mindset. But in reality, I may have only half-heartedly served the client on a particular week because my toddlers’ tendency to wake up super early left me in a grumpy mood, or I may have neglected to plan at the level needed to reach our team’s full potential to provide that value.

It’s not hard to see how this applies to every area of your business. But with cybersecurity being the #1 business risk, it’s time to exercise “situational awareness.”

Cybersecurity and Belief

Now that you’ve had a chance to self-reflect on the three layers of belief, let’s take a look at how this could apply. Think about your role in IT, whether you’re a CISO, IT Director, Help Desk manager, or just an everyday user in your organization.

Public Cyber Position

Talk is cheap, but it is worth something. You should make sure your basics are covered, and publicly, this means ensuring you have things like:

  • Information Security Policies (and procedures for your IT personnel)
  • Publicly available security reports (for example, SOC reports)
  • Job descriptions and responsibilities for every member of your IT and security staff

Private Cyber Position

You can’t build a business without people. For cyber, this specifically means arming your team with the necessary tools to make sure the #1 business risk is addressed in your day-to-day operations.

This could look like:

  • General and role-specific (think domain admins vs Help Desk technicians) security awareness training
  • Job descriptions and responsibilities for every member of your IT and security staff

Core Cyber Position

Finally, none of the above matters if you’re not going to hold yourself (and your users) accountable. Periodic (or, if you can swing it, continuous) audits and security testing will ensure that what you say you do matches what you actually do.

Posture matters. It matters when building your brand and your organization, and when protecting the user data that you’ve been entrusted with.

Take time to honestly examine what you need to do differently to build the cyber posture that you want.

THIS POST WAS WRITTEN BY Ryan Wallace

Ryan Wallace is a Cyber Risk Supervisor at HORNE Cyber where he works to provide IT-focused assurance to clients both public and private.