Performanta

Too Much FUD: Fixing cybersecurity's fear, uncertainty, and doubt problem



Imagine you are hiking in the mountains, and a snake crosses your path. This is a basic and straightforward threat; you know the best course of action is to back off and let the snake disappear. There is fear, uncertainty and doubt, but the risk you face and how to mitigate it are obvious.

 

There was a time when the concept of fear, uncertainty, and doubt (FUD) made sense for cybersecurity. 


Cyber threats were once much simpler, and so were the responses. You had little to worry about if you had good passwords, antivirus software, and a firewall. The threats were basic, so the fear of those threats and how to respond to them were also basic. 

 

Businesses and economies were also considerably less digital. They had computers, people sent emails, and being connected was important. But most computer systems and their applications resided in-house. Networks primarily shifted data; connecting software services and API integrations were fringe use cases. The average employee used two or three applications, not dozens. Virtual collaboration was a luxury, not a necessity. 

 

Welcome to the digital undergrowth 


Today's business world looks very different, full of convoluted trails, undergrowth, and rugged terrain. Digital technologies have improved operational speed and performance but have also made business environments much more complicated. The chance of stepping on a snake is much bigger, and there are strange noises coming from beyond the treeline, possibly a predator looking for a soft target. 

 

Those predators are cybercriminals, an emboldened group with many tactics to get what they want. But they are not alpha predators. They are scavengers. Cybercriminals are mostly opportunistic. They will pounce on any target they think is vulnerable, testing the limits to find a gap.  

 

It's not a space where you should respond with fear, uncertainty, and doubt. Instead, you want to stay a step ahead of those scavengers. For example, packs of animals moving through thickets do not let their young languish behind or get lost. They keep them in the middle of the pack, making it much harder for predators to get an easy shot. They are not motivated by fear or uncertainty. They know what is valuable, and they take steps to protect it.

 

FUD is out. Knowledge, visibility, and action are in 

 

FUD still dominates cybersecurity conversations and sales tactics. This approach needs to change. 

 

Instead of blindly trying to protect everything, smart companies make an effort to discover what is most important to them and most likely to attract online criminals. Rather than try to protect everything equally, which costs more yet is less effective, they focus on their priorities. Risk-based approaches replace fear with knowledge, uncertainty with visibility, and doubt with action.  

 

Humans and other living creatures are hardwired to respond to FUD. Psychologists call this negative bias. It provides a mental triage in dangerous situations that saves resources and responds quickly. But it's too late to be proactive if you are in a desperate cybersecurity situation. Then, you must hold on and do what you can to come out on the other side.  

 

FUD is reactionary, not preventative, yet many security sellers rely on this principle. They focus on isolated problems, not risk-based conclusions, because isolated problems make it easier to trigger the fears that keep new solutions selling. That is reacting instead of preventing. FUD is not a good way to tackle today's digital dangers.

 

The answer is risk management, where you proactively look for the best outcomes based on your priorities. The natural conclusion is that you want to work with security partners who think in terms of risk, not FUD. They deliver answers based on your priorities, not your fears.

 

Performanta is a strong proponent of risk-based proactivity. It's why we've created proactive solutions such as our Encore security analysis platform, our holistic and managed Safe XDR service, and the security market's first Risk Operations Centre, based on Gartner's Continuous Threat Exposure Management (CTEM) framework. 

 

Leave the fear, uncertainty, and doubt behind. Protect your most valuable and vulnerable assets with certainty, visibility, and knowledge. Any provider that tells you otherwise is more interested in selling than solving. 
