How to make good business decisions about the spectrum of cyberthreats

Ray Rothrock, CEO of cyber-defense firm RedSeal, explains how to weigh each threat and respond appropriately.

TechRepublic's Dan Patterson asks RedSeal CEO Ray Rothrock about making good business decisions and how to assess each threat appropriately. The following is an edited transcript of the interview.

Dan Patterson: If I'm a decision maker at a company or a government organization, and not just jobs, but perhaps the security of sensitive information is on the line. We do see this spectrum of cyberthreats out there. My job isn't necessarily to be a cyberthreat expert, but how do I make a good decision about proportionality of how to take what threats seriously, and how to kind of find a middle ground with threat? All of these attacks will continue to exist, and I have to deal with it, I have to kind of fit my own resiliency inside of a budget. How do I do that?

Ray Rothrock: Yeah, that's a very good question, and it's a fundamental question. The pre-question to that is, what matters to you? What data is important to you? Where does that data live? Who is operating and maintaining that data for us? In order to know if a threat's a real threat, you got to know if you've got the data that's interesting to that threat. So I think the first step is, you've got to look at yourself and what matters to you. If you have one bank account and you bank online, for example, and you decide for yourself, "If I lost that bank account, I would be in trouble. My company would be down," then don't bank online. That's a decision you can make. So you got to know what's important. Once you know what is important to you, then I think you do have a gradation, if you will, about segmenting the activities of the people, segmenting the technology of the network, and making sure the two fit on top of it.

There is no doubt, you are going to have to spend money on cyber. It's like water and electricity, you were going to have to do it to stay in business. So it comes with priorities, and I think that's where you start that conversation. I don't have an ROI, a return on investment, I don't have an algorithm to help you there, you just have to decide what's important to you. Equifax, was it important that they be able to maintain that 143 million records? Probably. So they should've spent a lot of money to do that, and they didn't.

