-optimized.jpg){kind=avatar}
When it comes to cyber defence, mindset inertia is dangerous, writes Dave Silke, Managing Director, EMEA and APAC, at the cyber firm Centripetal.
There exists a quiet acceptance that โthis is just how things are nowโ when it comes to cyber breaches. That cyberattacks are inevitable and that breaches are the cost of doing business in a digital world are simply things that we have told ourselves for years. Itโs become the mindset – the inertia.
Inertia in a leadership context refers to the tendency of systems (especially large bureaucratic ones) to resist change and maintain the status quo. Tony Blair notes in his book On Leadershipย โIdeals survive through change. They die through inertia in the face of challenge.โ
In the realm of cyber security, the concept of inertia can be particularly dangerous. The mindset that โattacks will happen at some point,โ is essentially accepting reactive inertia, responding only once attacks have occurred.
And that mindset is costing organisations millions in the case of Marks and Spencer (pictured) and many others. Communities are being disrupted, confidence is being shaken, and emotional turbulence is at a high, as people feel their work, and their company are no longer secure. And yet, many boards still treat cyber risk as a line item on the budget. Something to โabsorb.โ Something that will happen โwhen, not ifโ and waiting for an attack to force action.
ย
The inertia crisis
As a result, cyber security has become reactive by design. We investigate the past instead of shaping the future. We analyse the breach instead of preventing the next one.
The obsession with forensic investigation can arguably be put down to a whole host of technological and even business reasons but it also sits firmly alongside current trends in society. Human behaviour to โneed to know what happenedโ. The difficulty being that forensic investigation and deep dives through documentaries and true crime podcasts showcase patterns, and risks that others can avoid, which is not the case for cybercrime.
Cybercrime doesnโt lurk in the shadows; it is often opportunistic, and approaches and attacks vary. There aren’t many out there who will disagree that technology is evolving at a pace that can be hard to keep up with. So, why are we still investing so much time money and effort into the ‘forensic investigation’?
Because people naturally cling to the familiar, even when the familiar no longer works, and especially when an alternative feels out of reach.
Cognitive biases like status quo bias, loss aversion, and confirmation bias convince leaders that legacy tools and policies are โgood enough.โ They can seek comfort in the fact that they and their peers are trying, but the cyber criminals are just โtoo goodโ. But thatโs exactly what they want soon-to-be victims to think.
ย
Intelligence can block 99pc of known threats
There is another path. One shaped not by fear of the next attack. Threat intelligence has been used by governments and militaries for decades. Now, AI-powered and machine-learning-driven platforms bring that same capability to everyday businesses. They deliver pre-emptive, proactive protection, not reactive remediation.
We know that more than 99pc of exploited vulnerabilities involve threat intelligence. The issue isnโt the lack of intelligence, rather itโs that organisations are drowning in it. Billions of indicators flood in daily, far beyond the IT departmentโs human capacity.
But today, intelligence-powered solutions have changed that. We can apply billions of Indicators of Compromise at wire speed, blocking 99pc of known threats before they reach the network. All in real time.
And intelligence works across corporate networks, cloud infrastructure, mobile devices, on-prem workloads, and DNS and stops the threats that move faster than any human can think before they hit your network.
ย
Intelligence not just for the military
Thereโs a belief that threat intelligence is too complex, too expensive, or too โmilitary-gradeโ for most organisations. That belongs in the past.
Today, intelligence-driven cybersecurity is accessible and cost-effective for businesses of all sizes. Threat intelligence is now affordable, accessible, and can be applied in real time to make a real difference.
Boards worry about cost, and yet the cost of traditional thinking and succumbing to mindset inertia is truly visible for all to see. The M&S attack could potentially have been prevented with modern threat intelligence in place.
Culture also plays a huge role. In many organisations, risk avoidance is rewarded more than innovation. Thatโs how mindset inertia embeds itself. We know that nearly three-quarters of transformation initiatives fail because leaders canโt overcome this very inertia. But we cannot afford for cybersecurity to become another casualty of outdated thinking.
Changing the mindset
When threat intelligence can prevent 99.99 per cent of breaches, the โif not, whenโ mindset needs to be firmly left behind. Attacks can be prevented long before they become news stories, budget lines, or career-defining crises.
No more budgeting for ransomware. No more sleepless nights wondering โwhat if.โ No more accepting that attackers will win because they move faster.
Human and technological intelligence can deliver a more secure, more proactive, more resilient future. This isnโt just a cybersecurity shift. Itโs a mindset transformation. And the companies that embrace it will not only safeguard their organisation; they will set the standard for tomorrow.
See also the company’s blog: https://www.centripetal.ai/blog.
