The clock is ticking down on 2019. Soon people around the world will be toasting in the new year with glasses of champagne and singing Auld Lang Syne. Regardless of whether the past year has been good or bad for you, the new year is perceived as a clean slate—a brand new chance to change things and do better. It’s also a time that many people make resolutions—commitments to themselves of the goals they have for the year ahead.
Cybersecurity doesn’t generally make anyone’s list of New Year’s resolutions. Most people are focused on being healthier or more successful, improving or finding new relationships, or maybe just personal goals like learning to play the piano or taking a trip to Thailand. I have a suggestion, though, for a cybersecurity New Year’s resolution you might want to add. Resolve to focus on the goal of cybersecurity, and not to get distracted or bogged down by methods and tools.
Should Auld Cybersecurity Be Forgot
I don’t claim to know what the lyrics of Auld Lang Syne actually mean. It probably makes some sense if you’re from Scotland, but most of the poem by Robert Burns is comprised of old Scottish phrases that look like someone was typing on a broken keyboard. The main phrase, though, “Auld Lang Syne” roughly translates to “old long since,” and is generally interpreted as some variation on “for old time’s sake.”
I’m going to borrow and bastardize that theme. Should old cybersecurity be continued for old time’s sake? There is—or at least shouldn’t be—anything “sentimental” about cybersecurity. It either works, or it doesn’t. If the cybersecurity you have keeps you up at night because you’re not confident that it will protect your network, applications, and data, perhaps 2020 is a good time to change your cybersecurity strategy?
Focus on the Outcome, Not the Tools
There is a vast array of cybersecurity tools, platforms, and services out there to choose from—an overwhelming number of choices, really. When reviewing your options and making a purchase, consider what you’re trying to accomplish.
It is unlikely that your objective is to learn everything there is to know about firewalls, antimalware, intrusion detection, threat intelligence, security event monitoring, indicators of compromise (IOCs), and the myriad of other solutions and tasks that go into effective cybersecurity. It is even less likely that your goal is to become an expert in all of these things so you can properly deploy, configure, manage, monitor, and respond to security incidents.
For most organizations and most people, the goal is effective cybersecurity. Just as you would seek the help of a medical professional rather than trying to obtain the equipment and learn how to perform your own medical procedures, or how most people take their vehicle to a professional mechanic rather than buying the necessary equipment and learning how to maintain their own cars, it makes sense to work with cybersecurity professionals who already have the tools and skills you seek rather than trying to do it yourself.
As it turns out, working with professionals also ends up being more cost effective. I don’t know how you managed cybersecurity in 2019, but I recommend for 2020 that you consider the simpler and more cost effective approach and resolve to focus on the goal of effective cybersecurity you can trust.