When Winston Churchill famously declared, “Gentlemen, we've run out of money, now we need to think,” he of course wasn't referring to cyber-security, but he could have been, according to retired Brigadier Gen. Charly Shugg, COO at Sylint, who stressed the importance of having a cyber-security strategy.
Many organisations are not winning the cyber-security war because “we've been strongly indoctrinated that we can buy our way out,” Shugg said during a session at SCCongress Toronto Wednesday. “We should think strategy first, instead of shoot then aim.”
The retired brigadier general suggested that successful military and cyber-security campaigns share a common trait – “they link goals to resources.”
That can go a long way toward convincing senior management to let loose dollars toward cyber. “When you can tie it to their risk, they pay attention,” Shugg said.
But, he added, it's important to follow through. "We get going so fast to go to decision-makers for budget [but] if we don't put [the solution] in somewhere, it can be a failure," he said. "We have to architect it."
Locking down every security control and guarding against every vulnerability can overwhelm resources and is likely impossible. But focusing on those important to a business can help it better use those resources and shore up security. “Go back to what in your company needs protecting and frame it in your environment,” said Shugg.