Management of many companies are missing some important opportunities in the area of cyber security. Opportunities that could be avoided by applying some simple rules of economics. For example, one principle of economics is that the entry cost into a type of business plays an important role in determining who can enter into it. For hackers, the entry cost is quite low, so the system encourages them to enter the business of hacking. The answer is to raise the entry cost to prohibitive levels. This can be done by enhancing the difficulty of hacking the system, which means raising barriers to unauthorized entry.
That sounds simple and basic, but it requires a lot of planning. The big issue these days is that automation is pervading all aspects of the business, and security has not kept up with it. Many new systems do not include strong security measures, and because of the proliferation of different systems, certainly are not integrated across the company. And risks vary tremendously among these different systems.
Addressing this disparity requires high level planning at the board level and also senior management. A mistake often made is to leave it to the IT department. That's a big mistake. It's a major strategic issue, not a technological one, and needs to be addressed as such. For more on this area, check out this link.
No comments:
Post a Comment