How often have you heard someone say “Cybersecurity is complicated!”?

If you’re a practitioner in the cybersecurity industry, you’ll have heard these words often, probably along with “…and it’s really boring too!”

Complex, not complicated

Let’s start with the first statement.

In truth, cybersecurity is a complex topic, but that doesn’t mean it has to be complicated. Any programme of change will appear to be complex and confusing if there isn’t a clear process or project in place. I often say it’s like trying to find your way across a busy city without a map – there are many (complex) routes you can take, but it’s not complicated. You just need to find your way from A to Z, which is always a lot easier if you have a map, a guide, and the right tools for the journey.

But our (virtual) cities are increasingly complex because they have been created that way. Over many years of change and innovation, our networks and systems have been upgraded and updated to keep up with the demands of business and customer needs. This has led to a situation where we have created gaps within our infrastructure (both virtual and physical). These then become windows of opportunity for cybercriminals or for data to slip through, unguarded and unprotected.

This complexity leaves us feeling lost and out of control, and unfortunately the issue of data breaches and incidents isn’t going away any time soon.

The size of the problem

As most practitioners and casual observers are aware, cybercrime and data breaches have continued to rise throughout the COVID-19 period. Recently, Verizon released its annual Data Breach Investigations Report 2021, stating there were 1,037 incidents that affected small companies of fewer than 1,000 employees. The pattern of attacks included System Intrusion, Miscellaneous