Nearly every company in the world, along with every government and non-profit, has data they need to protect. Cybersecurity is now a daily requirement.
But how do cybersecurity professionals determine how much protection is the right amount of protection, and what it should cost?
This month Gene Shablygin, CEO of the cybersecurity firm WWPass, spoke with Calbright cybersecurity students to explain his company’s best practices for evaluating security, countering threats, and keeping data safe.
Shablygin introduced cybersecurity students to the concept of “right-sizing” cybersecurity, in which the value of the data being protected is compared to the cost of different strategies to protect it. His formula is composed of four parts:
- The “value at risk” (VR) is what might be stolen, and what that loss might cost the company;
- The “cost of protection” (CP) is what it costs to protect the data being protected;
- The “value acquired” (VA) is how much cyber criminals will get for the data they’ve stolen;
- The “cost of the breach” (CB) is how much it costs them to get it.
With these values accounted for, the amount a company should pay for cybersecurity is the intersection of the values:
- VR > CR (the value at risk should exceed the cost to protect it), and
- VA < CB (the value cyber criminals will get for a successful breach) should be less than the cost of making that breach.
That’s a rubric that will likely be helpful throughout a cybersecurity professional’s entire career, and it was just one of the topics Shablygin covered with his future industry peers.
Some of them are also likely to be the eternal truths of the industry: Compromised credentials have been the leading cause of security breaches for over 20 years, and will likely be the leading cause of security breaches in the future.
Other topics are much newer: Mobile phones and 2-factor identification are now a leading approach to cybersecurity, but phones have their own vulnerabilities and security needs that must be considered.
And of course, Artificial Intelligence raises a whole new set of cutting edge opportunities and security crises.
The presentation was also an opportunity for students to make contact with an industry leader, ask questions, and become better prepared for their own future careers. Which, from start to last, is what Calbright is all about. It’s one of many such events offered each year.
A video of the session is available to Calbright students.