The threat posed by overconfidence
–Jeetu Patel, Cisco
Economist Daniel Kahneman’s life’s work (he died last month at 90) was to point out how irrationally we behave, including telling the Guardian that if he had a magic wand, he’d most like to correct our overconfidence.
The Titanic’s sinking may have been due to overconfidence. Investors’ ideas on moves they should make in the stock market wind up costing them 4%. And now we have the Cisco 2024 Cybersecurity Readiness Index Report. This is a double-blind survey* of over 8,000 business and cybersecurity leaders. The findings show the greatest cybersecurity weakness is a disconnect between overconfidence that their business will be able to avoid a disrupting attack and their analyzed readiness for avoiding disruption. To be exact: 73% of business leaders anticipate an attack in the next two years, but a surprising 3% were shown to be prepared for such an attack.
The Cisco report shows cybersecurity overconfidence stems from a reliance on disparate cybersecurity tools. While such tools may offer a baseline defense, they can create blind spots and slow down a business’ ability to respond to an attack.
A coordinated security stack, by contrast, allows all your tools to work together, providing a unified defense posture. This enables a swift and coordinated response to threats. A unified defense includes:
- Perimeter Security Harden endpoints (devices accessing the internet) and implement threat detection/remediation measures.
- Internal Security Train employees on data management and communication practices.
- Physical Security Secure software, hardware, access points (keycards), documents, and devices (USB drives). A zero-trust framework can help manage physical access.
- Incident Response Plan Be prepared to handle an attack, including containment, eradication and recovery.
- Long-Term Response Learn from each incident to improve your defenses.
- Cloud Security Ensure your cloud-based assets are protected.
Why do we provide coaching only to kids who play sports?
I watched North Carolina State upset Duke with its better-on-paper roster (check out the highlights especially from about the 9-minute mark). But a talented roster that’s poorly organized can be vulnerable. A lack of orchestration can leave gaps in the defense and make the team susceptible to well-executed plays by the other team.
An integrated security stack is like a well-coached team with good communication. Each player understands the assignment and they work together well. Defense is coordinated, people are on the same page and adjustments are made quickly to counter what the opponent is doing. This coordinated effort cuts the chance of defeat and helps push the team to victory.
The Business Solution
The bottom-line worry in the Cisco report is that 80% of companies feel moderately to very confident in their ability to defend against a cyberattack. The disparity between confidence and readiness suggests that companies may have misplaced confidence in their ability to navigate the threat landscape and may not be properly assessing the true scale of the challenges they face, Jeetu Patel, Cisco’s Executive VP, General Manager of Security says.
Consider an integrated security platform that coordinates your defenses. By adopting a layered and integrated approach to cybersecurity, you can minimize downtime, protect your data, and safeguard your reputation. A coordinated cybersecurity strategy is the key to a strong defense.
To begin to find out if an integrated security stack is right for your organization, consider a complimentary 15-minute consult with Roy Pacitto, or contact Roy at ITExperts@Bryley.com or 978.562.6077 x2.
* A double-blind survey aims to eliminate biases by not revealing the sponsoring organization to either the researchers or the people being surveyed.
Lawrence writes about networking and security. He’s written for Bryley since 2015.