Consistency is key

Even though it’s obvious, you cannot rely on your past performances when it comes to keeping fit. Your cardiovascular fitness will start to decline after about one to two weeks of inactivity. For strength and muscular fitness, it lasts a bit longer, but you’ll begin to see a decline after two to three weeks of inactivity.

Working with cyber and information security is very similar. You cannot feel confident that your past efforts will keep you safe in the future. Your past efforts will always be valuable as building blocks for future improvements, but when attackers hit you today, you cannot point to the good things you did last year. As we have experienced for many, many years now, keeping your company safe is a cat-and-mouse game, or to be more precise, an arms race. The moment you stop training your employees, stop keeping your technology up to date, or start making decisions that compromise security, you have lost.

We focus more on equipment than we should

Most ways of keeping fit require some sports equipment or gear, and I’m sure most of us have thought, “If I buy slightly more expensive gear, I’ll perform a little bit better.” It’s only natural: we search for easy solutions, and nothing beats buying that extra performance. In reality, most of us who do some sport as hobbyists have more than good enough equipment already. But instead of losing a bit of weight, we look at ways to shave weight off our bike with more expensive parts, or we try to find a few seconds on our 10k by buying the more expensive running shoes.

The same goes for working with information security. Most people in the field of cyber and information security come from an IT and technology background and naturally love new tech. So we continually tend to focus more on shiny new tech than on fixing what we already have or helping our employees be a bit safer in their day-to-day work. If we spent half the time we spend searching for the next new tech on improving the technology and human assets we already have, we would quickly see results.

There are no earth-shattering takeaways here. Past performance is no guarantee of future success; you need to be consistent to keep ahead, and you should focus on improving what you’ve got before searching for the next new thing.