Cybersecurity

At the RTIME event held by the NTCA in Orlando, I was part of a panel on cybersecurity called "Cybersecurity: Do You Have a Plan to Address Threats and Prevent Liability?" Cybersecurity has been a research interest for me, specifically investment in cybersecurity. I think investment in cybersecurity is imperative for communication providers, especially given the presentations from the other members of the panel. Tony Veach of Bennet & Bennet, PLLC laid out many of those reasons why it’s important and how communication providers can manage laws, regulations and threats.

 

Jeff England, CFO of Silver Star Communications, gave us great insight into the NIST Cybersecurity Framework and the best practices from the FCC; he also detailed the cybersecurity practices of his company. Jason Ackley, CNO & Sr. Vice President of Technical Operations at Codero Hosting, went into some of the scary details of the cybersecurity threats that are out there, which really drove home the risks that communication providers face.

 

I presented how the investment in cybersecurity we all know we need to make can be thought of as an opportunity. Many people see cybersecurity investment as a black hole that sucks up time, money, and many other resources like lost investment opportunities. And many of those people have resigned themselves to the idea that this is just the price of doing business in the information age. But what I wanted attendees to keep in mind is that we are in the information economy, and that means new business opportunities.

 

Cybersecurity black hole

 

But first: what are some of the benefits from a good cybersecurity investment? You hope your cybersecurity investment results in you not being successfully attacked. But if you achieve that, you can’t be sure that all your efforts produced the return on your investment that you expected. If you were not successfully attacked, it could be that the investment was good or bad. For example, maybe your investment deterred an attack, but it’s possible a much smaller investment could have also deterred the attack. Or if you were attacked but not successfully, then you may have deployed the right amount of cybersecurity, or you possibly deployed more than was needed for the sophistication of the attack. The table below illustrates that challenge with cybersecurity investment.

 

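|              | Good Investment                       | Bad Investment                        |
|--------------|---------------------------------------|---------------------------------------|
| Attacked     | Prevented breach or successful attack | Prevented breach or successful attack |
| Not Attacked | Deterred Attack                       | Deterred Attack                       |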

 

Nevertheless, we know that investment in cybersecurity is something that has to be done, and the NIST Cybersecurity Framework is an approach to mitigating some of these investment challenges. But besides reducing the risks of successful attacks, what other returns can we look for?

 

One benefit is that the cybersecurity framework and process encourage collaboration across departments. Those collaborations create relationships as departments work together for a common outcome. In cybersecurity we’ve seen that threats could come from attacks on any department. This makes cybersecurity an organization-wide concern. Ideally, the collaborative relationships that are formed should pay dividends when the organization faces other problems that span departments.

 

Another benefit is better alignment between departments in the organization with respect to each department’s challenges and initiatives. The framework is a process where each department assesses the risks to its processes and systems. Investigating how those processes interact with other departments can highlight areas where the departments can work together to improve efficiencies and mitigate challenges.

 

With collaboration and alignment will come better understanding between departments about how each contributes to the success of the other and the organization as a whole. That understanding will highlight where dependencies exist. It can also show that a little extra work in one department might create large savings in another department.

 

It’s clear that there are some benefits beyond risk reduction. In part two of this blog, I want to discuss a little about the communities that communication providers serve. Check back on Thursday to read more.