"Security Poverty Line" Takeaways

The concept of a “security poverty line” is an interesting angle for describing the haves and have-nots. It is discussed in "How to survive below the cybersecurity poverty line," published by CSO Online and written by Michael Hill.

All small to midsize business owners should read this article and evaluate where they stand relative to the security poverty line.

There are three viewpoints I would like to highlight for further discussion. If you are a business owner in the northern New Jersey area and would like a sounding board, please reach out to me for a no-obligation conversation about security and technology risks you may be facing.

1. Security by obscurity is not a policy anyone should leverage. The notion that a company is so small that it isn’t a target has already been disproved. Bad actors are often opportunistic and will take advantage of any vulnerable organization. I can provide a list of over a dozen online search engines that can find anything on the Internet… anything!

2. Small businesses often lack access to technical expertise, whether that’s in-house or advisory. Bootstrapping is very common for business owners when first starting out, but then success sets in: crossing $1M, then $5M, and before you know it you have a real business. It is also not unusual for organic growth to bring compromises along the way, and compromise in cybersecurity is certainly one of them. Accountants, bookkeepers, virtual assistants, sales, and maybe even attorneys were hired or contracted, but technical experts… not so much.

3. Small businesses can improve their security posture by taking a risk-based approach. Yes, the IT or cybersecurity budget doesn’t need to break the bank. Taking a risk-based approach helps to determine the organization’s risk appetite or (equally important) risk capabilities: which threats and gaps should be addressed, based on an assessment that identifies expected frequency and loss magnitude.

Which would you address first, a risk scenario that has a:

(a) 20-30% event probability with a $1M - $2M loss magnitude

(b) 10-20% event probability with an $8M - $10M loss magnitude

(c) both

(d) it depends

If you haven’t identified your risks, you’re already taking them.
