I’m a chief information security officer, but I like to replace the word “officer” with “optimist” when thinking about how much progress we’ve made in understanding, resisting, and recovering from cyberattacks.
A timely dose of informed optimism may help reassure all of us. The volume of cyberattacks, regulations, defense measures, and just plain noise has increased in the last decade, leading many business owners to wonder whether optimism has any place in conversations about digital operations and persistent cyberthreats.
Yes, it does, for at least the following six reasons.
Technology
Software increasingly is embedded everywhere in our daily business lives—introducing new, unpredictable, and interlinked vulnerabilities. But more software firms are rising to this need—recognizing that greater security also helps make them more competitive. We expect to see data encryption, multi-factor authentication, and other critical cybersecurity features built into the core of more software. These safeguards will become more affordable and within reach of small businesses. And when there’s an incident, data recovery will be more seamless.
Transparency
This is the cyber “nutrition label” we’ve been waiting for. A software bill of materials (SBOM) is emerging, bringing transparency and accountability. Business owners will know more about what’s included in the software they purchase and rely upon—a list of “ingredients” so they know if updates are needed when new cybersecurity vulnerabilities come to light.
Collaboration
We’re getting very good at sharing information and threat intelligence among business sectors, governments, and other peers. We now understand we have common enemies. This leads to streamlined public-private partnerships. Our government and industry partners are starting to align the patchwork of laws and regulations to flag cyberthreats and incidents more consistently—helping others to avoid becoming unwitting victims.
Integration
We’re learning to bring IT into the heart of business operations. The financial impact of a significant cyber incident is a business risk, not a technology problem. We’ve learned cybersecurity is more effective and less expensive when we plan for it in the early stages of mergers and acquisitions, or when we onboard customers and receive their data or money. For business owners, cybersecurity isn’t an afterthought but a core business concern.
Focus
Businesses are getting better at pinpointing their top cybersecurity risks. They’re using precise data to focus limited business resources where they can make the most difference—like any solid business analysis. As a small business owner, you can access these finer details to make decisions based on evidence, understand your unique risks more fully and factually, and mitigate risks more efficiently.
Talent
A wave of new, trained reinforcements is on the way, with talented cyber workers flooding the zone. Employment of information security analysts is expected to grow by 30% from 2020 to 2030, outpacing the average for all occupations. Higher education has responded to the cybersecurity talent gap, and students are graduating from related programs and majors at a faster pace.
While it’s still true we’re all just one weak password or phishing scam away from a cybersecurity breach, I hope you see why there’s plenty of room for optimism.
What's next?
Help stay optimistic by keeping up your guard. Learn more about how to protect your business from cyberthreats with these six steps informed by the Cyber Readiness Institute (plus a white paper you can download).