The cyber security herd effect

spotted hyena, predator, wildlife-3474798.jpg

Close your eyes and imagine the African Savannah, you are a “be”wildebeest grazing away happily when an alert is raised and the entire herd of 100s of animals suddenly takes to the plains to outrun whatever the alarm was raised for.

This time it was a single lioness looking for an easy meal, but the herd stuck together and was able to get away from Africas apex predator with only a single casualty, an old wildebeest with the name of ‘Ryan’.

a herd of antelope, tanzania, africa-1232674.jpg
Wildebeests somewhere in Africa

‘Ryan’ had a problem, a problem that he wasn’t even aware of, as he was eating well and grazing the best tucker, he failed to recognise that he was becoming fat and losing the muscle condition that he would need to save his life one day, and that was that… Ryan became a victim….

Open your eyes again (obviously we are not being literal here).

The cyber security herd

Cyber attacks, unless you are a big brand name, large financial or a government utility are highly random. Most cyber attacks are not targeted, are not Advanced Persistent Threats or APTs – the vast majority of the cyber security industry advertises otherwise, of course and are not well planned. Lastly there are not that many attacks at all as detailed here, cyber security is like insurance and it is better to have insurance than not have insurance, up to a price point anyway.

The cyber security herd effect, is having enough cyber resilience to not be Ryan, not be the weakest/or least aware animal (Business) in the herd.

Just as in nature, in business, the fastest spend more resources to get away and still have the risk of running in the wrong direction and being compromised, at the every least they overspend on their projects which does not create additional security, it causes a burden to security teams who manage the organisations security.

The businesses who stick in the middle of the herd as far as cyber resilience is concerned are making the most of their cyber security budgets to provide themselves with Just Good Enough (JGE) security measures, they are also the businesses who will make the right purchasing decisions when it comes to cyber security spending as Software vendors come and go, product verticals also change and vendors get snapped up by one another and products sun-setted or merged into other less desirable product sets.

In summary

The best place to be in an cyber crime world full of Hyenas (Criminals are not Lions!) is the middle of the herd, do not be at the rear, do not be the weakest. equally, there is no point being at the front as it is very easy to make an error that costs significantly more than the total problem that you are trying to solve, unless you are a global brand, large Financial, government org or utility.

Please contact us here if you would like further information or assistance with any cyber security questions.

Leave a Reply

Your email address will not be published.