Cyber Security: Defense Only is a Losers Game
Stefan Whitwell, CFA, CIPM
Sought after wealth advisor and tax planner for business owners, executives, investors and philanthropists.
Corporations today are scrambling to implement cyber security plans to keep them out of the news. The problem is that their plans are inherently flawed -- because they rest too heavily on playing defense. Common sense tells us that the optimal plan (and I remind the reader that there is no perfect plan) combines the strength of both defense and offense.
A good example of defense is when corporations reactively buy software and hardware or adopt configurations to prevent new (known) threats. The obvious problem with this is that new attacks are invented every day. This reactive activity prevents yesterday's problems but does little to nothing to address tomorrow's threats.
What does it mean to play offense in the context of cyber security? Playing offense means proactively reducing vulnerable surface area and harnessing your human capital to both avoid risky behavior but just as importantly, use their judgment and collective knowledge to preemptively protect the firm.
Stefan Whitwell, Austin, TX