Recently, a private-sector partner opined that it would be nice if the millions of dollars he was putting into defense weren’t defeated by a $500 tool easily rented online. It doesn’t matter whether you’re from a government agency, a contractor, or a retailer – no one seems to be immune to this problem.
But there are some relatively simple steps that we can take to make those investments more effective against the $500 tool. Just as a neighborhood bands together to raise its collective safety, we can work as a community to strengthen our collective defenses to make it harder for those who wish to cause harm.
First, we can broaden how we think about cybersecurity to make our defenses more effective. The Cybersecurity Framework issued earlier this year helps us do that. The Framework’s greatest strength is that it is deeply rooted in how businesses actually manage risk in the real world. In taking a risk management approach, the Framework recognizes that no organization can or will spend unlimited amounts on cybersecurity. Instead, it enables a business to make decisions about how to prioritize and optimize its cybersecurity investments.