Week 4

Posted by tbaty002 on
  1. What are the costs and benefits of developing cybersecurity programs in business?
  2. How can you tell if your computer is safe?

Cost vs. benefit: Developing cybersecurity programs

Each business must decide for itself what it desires from a cybersecurity program in terms of cost and benefit. A large business with billions of customers, like Amazon, for example, will have a different risk profile than a smaller, local business with customers numbering in the thousands.

Costs associated with starting a cybersecurity program at a business might include the following:

  • hiring specialized cybersecurity staff
  • hiring consultants to train all employees in cybersecurity best practices
  • purchasing specialized equipment, e.g. firewalls, upgrading network hardware, etc.
  • hiring an off-site backup service

Benefits might include

  • fewer cybersecurity incidents causing service outages, therefore increasing revenue by minimizing downtime
  • not having to pay ransom to recover valuable data
  • increased productivity

Is my computer safe?

It is impossible to talk about safety in absolute terms. At best, “safety” is a handy word that usually corresponds to “minimum acceptable risk.”

Consider a house with 100-year-old pine trees in its yard. The house has the latest and greatest home security system installed, which sends an alert to the homeowner’s phone if even a mouse passes wind. There is intrusion detection, all IoT devices are behind a firewall that is constantly updated according to the best and latest anti-virus software. The house is “safe,” right?

But then a hurricane blows through and suddenly these very safe homeowners discover a very large pine tree in their living room.

Could this have been prevented? Of course; the homeowners considered the possibility of cutting the trees down, but after consulting with professional arborists, they decided that the risk of the trees falling on the house was not worth the $10k+ cost.

Similarly, with computers, there is no absolute safety, only relative. You can have all the latest anti-virus software, the newest firewall (hardware and software), keep everything updated, but there still may be some zero-day exploit lurking deep in the operating system kernel that is the digital equivalent of a 100-year-old pine tree smashing through your living room.

Safety, therefore, is merely a term of convenience used to describe an agreed-upon standard of acceptable risk.

Leave a Reply

Your email address will not be published. Required fields are marked *