Positive Security

Saturday, 19 October, 2019

Technology has changed the world, and made us better connected than ever before. Over 5 billion people now have a mobile device, public services are getting easier to use, entire new business models have sprung up. The world is awash with data and connections; the need to protect all them has never been more important.

The 14th edition of the World Economic Forum’s Global Risks Report listed two cyber security risks in its list of the top five. Most of those surveyed expect both the theft of data/money, and the disruption of operations and infrastructure will increase. That makes sense: as the pace of change continues to rise, people will still - naturally - want to take the easy path. The bad guys will always try to steal valuable things.

Don’t feed the FUD

At the same time, the field of cyber security, and vendor marketing in particular, has become dominated by “fear, uncertainty and doubt” (FUD). The message is increasingly swamped by weird and sensationalist terms that confuse and alarm.

To put it another way: a lot of effort goes into proving how things go wrong.

We think it’s time to put more effort into making things go right.

Ask before assuming

At Cydea, we don’t like to assume that we know everything about your business and your industry up front. We recognise that the world is more complicated than that.

So we don’t start with preconceptions. Instead, we work with your senior leadership team to understand how your organisation really works. Our guidance helps those leaders make better decisions about all aspects of security.

We believe in security that puts user needs first, and that’s objectively informed by the data that’s available. That’s better than relying on subjective opinions. In many circumstances, gathering that data can be - should be - fully or partially automated.

We take a realistic, pragmatic view of the threats that your organisation faces and the methods you might use to protect against them. Our approach is rooted in understanding people and relationships, because they are just as important to security as computers and networks.

We don’t believe in magic bullets or quick fixes. We think it’s better to invest in sustainable, usable security; in measuring the right metrics to track success. That’s how to make more things go right.

How we can help you

If you:

  • need help defining or validating a new cyber strategy
  • are ready to ditch your subjective 5x5 risk assessment
  • want to measure and demonstrate return from security programme

… we can help.

We work with all different functions and levels within your organisation, and with teams that draw on specialists in security, data, technology and design. We measure things, make informed assumptions and then revisit these regularly to iterate, refine and ask: “Why are we measuring this and what is it telling us?”

We’re not afraid to ask the difficult, hard-to-face questions. We think it’s ok to ask “What needs to be protected?” even in well-established organisations whose leaders might think the answer is obvious. Organisations change a lot over time; that answer will have changed a lot in the last five years, but the security policies might not.

We make a point of communicating clearly with everyone, throughout our engagement, so there’s no room for ambiguity.

This is how we collectively share a better understanding of the situation. Everyone can converge around a more certain position.

Positive security is about confidence

Cyber security shouldn’t be about FUD. It starts with understanding. It’s about managing risk and having confidence that you’ve done the appropriate things to achieve your goals.

This is what we mean by positive security. If it sounds like something you agree with, and you’d like our help, send us an email: hello@cydea.com.

Let’s make more things go right.