Stop Multiplying your cybersecurity investments by Zero!
You invest X million dollars protecting your assets, and then you multiply it by Zero! Cyber Security is multiplicative, not additive.
More and more tech is being bought, and more is being produced each day, to secure the ‘crown jewels’ of organisations. I like keeping things simple, so I’ll say it like it is. STOP Multiplying your cybersecurity investments by Zero!
You could have a fortified $100 Million vault protecting your crown jewels, completely secure, but if the key is in the enemy’s hands — you’re multiplying it by zero!
It is multiplicative, not additive. I will go into an explanation on this, but I want to begin with 2 simple analogies that will help me explain my point better. We are all mostly familiar with the following:
- The weakest link in the chain.
- Achilles Heel
The weakest link in the chain.
You are already very familiar with the analogy of the weakest link in the chain. Your chain is as strong as the weakest link.
The chain will break at the point it is the weakest, no matter how strong every other link is, or how much you invested in each link.
In Greek mythology, when Achilles was a baby, it was foretold that he would die young. To prevent his death, his mother Thetis took Achilles to the River Styx, which offered powers of invulnerability, and dipped his body into the river, holding him by the heel, so the heel remained vulnerable as it was not touched by the powers of the river!
In this story, read Achilles as the ‘organisation’, Achilles’ mother as the ‘Management Team’ and the heel as the ‘human layer’. The ‘river of invulnerability’ is all the security tech being bought to protect Achilles (the organisation), but if the proverbial mother (management team) holds on to the ‘heel’ (the human layer) and does not dip it into the ‘river of invulnerability’ (aka Continuous Adaptive Security), we are doomed to be vulnerable, unfortunately. At HumanFirewall we call it the ‘Human Operating System’ being left vulnerable, which, when left unprotected, can be your ‘heel’, your weakest spot!
Google’s AI engines believe it to be humans too, as do many other empirical studies on data breaches.
Now to the main essence of our conversation.
Multiplying by Zero! (Multiplicative System)
Armed with these 2 analogies, my analogy of multiplying by zero will be simpler to explain.
1 X 2 X 3 X 4 X 5 X 6 X 7 X 8 X 9 = 362,880 (Defense in Depth model)
but if we replace one of those numbers with ZERO, the answer is ZERO.
1 X 2 X 3 X 4 X 5 X 6 X 7 X 0 = 0
Cybersecurity spend of $100 Million (multiplied by) ZERO = ZERO
Let me take another example to make my point. Just like there are multiplicative systems, there are additive systems too.
The 7-Course meal (Additive System)
Organisations believe they are in an additive environment, but in most cases, they are not. To explain the difference, I will take an analogy.
Let’s say you go to a restaurant — you sit down for a 7-course meal: You start with great hors d’oeuvre, great soup, great appetizer, great salad, great main course, semi-decent dessert, and pathetic mignardise. Now, this is additive. Your meal was great overall except that the mignardise was pathetic. It does not sum up to ZERO. The rating goes down but it is not Zero!
In cyber, unfortunately, we are not so lucky. It is a binary proposition: the hacker will either get the data (aka crown jewels) or not get it!
To conclude, I want you to join me in this movement to let every person responsible for managing organisations (CXOs, Boards, Founders, CISOs, CIOs, among other custodians) know that in holding the proverbial heel (as in Achilles’ heel), you, Madam Thetis, are multiplying your trip to the river (cyber security investments) by ZERO!
Cyber Security is not additive, it is multiplicative! — Ankush Johar