Preparing for an attack that breaches your defenses is the best way to minimize the damage it can do.
July 18, 2024
Eugene Mymrin/Getty Images
Post
Post
Share
Annotate
Save
Cybersecurity experts and the companies that employ need to let go of their prevention mindset and adopt one focused on resilience. A prevention mindset means doing all you can to keep the bad guys out. A resilience mindset adds a layer: while you do all you can to prevent an attack, you also work with the expectation that they still might break through your defenses and invest heavily preparing to respond and recover when the worst happens. Companies that have successfully built resilience have done a few things differently: built a culture of cybersecurity, prepared and practiced their responses to cyber attacks, embraced “secure by design” principles, and put in place communication processes so they can respond no matter what happens.
There’s a common — but serious — mistake cybersecurity experts make: they focus all their resources on keeping malicious actors out of our system. It’s an understandable misstep. Protecting ourselves from potential cyber breaches is a critical part of the job. Even so, it’s impossible to be completely protected from every vulnerability. That’s because the good guys must protect against every possible vulnerability, while the bad guys only need one small crack in a company’s armor to get in.
New!
HBR Learning
Digital Intelligence Course
Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Digital Intelligence . Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.
Excel in a world that’s being continually transformed by technology.
Start Course
Learn More & See All Courses
-
KP
Keri Pearlson is the executive director of the research consortium Cybersecurity at MIT Sloan (CAMS). Her research investigates organizational, strategic, management, and leadership issues in cybersecurity. Her current focus is on the board’s role in cybersecurity.
Post
Post
S