Do you know the difference between a Crevasse and a gap? A gap is a hole in the trail, an obstacle to cross or a small crack you can jump over. But a crevasse is much different; a crevasse is a serious obstacle, a gap so wide that to get over it you are going to have to do something different. You are not just going to be able to jump over it. You are not going to get around it so easily and be on your way. And if you mistake the crevasse for being merely a gap in the road, you are going to fall in and there are very bad things that happen after that.
Many times the obstacles we deal with in the business world are a gap. We close the gaps and move on to the next project. It is straightforward and relatively simple. A crevasse is not so simple. A crevasse will swallow you up and make you wish you had been more alert, and more prepared.
The Cybersecurity Crevasse
It does not take a genius to see that we have a serious problem with cybersecurity today. There are examples of it all around us. Just pick up a newspaper and look at the latest headlines that week. Among them will be a story about a major data breach. And it is getting worse.
Just look at the latest Equifax breach of the loss of 143 million Americans personal records to understand we have a long way to go, and we are not just going to be able to get around this problem. Look at this example a little deeper and it confirms my suspicions. It took Equifax over a month to even discover they had been breached. The average major breach it takes close to four months for the victim to discover. A lot of damage can be done in a month, even more, can be done in four months. This has to change.
How to Cross It
So how do we cross this great divide, this crevasse of being vulnerable to being cybersecure? First, we need to understand it is a crevasse and not a gap. We have to recognize it for what it is. We are not going to just hire a security guy and get past this. It is going to take a concerted effort. An effort that requires leadership and serious thought. It is also going to require technical expertise, reliable people.
There will need to be training, from the lowest employee to the highest management. Every one of those people is part of what is called the attack surface in the cybersecurity industry. This is the amount of area that is vulnerable to attack. All of this planning and preparation, adjustments to how we do business is going to take a lot of effort. And that effort starts from the top. So you can see to cross this crevasse we are going to have to things differently.