It’s a widely believed view by leaders that their organization is either one that has already experienced a cyber-attack or one that will be a target of an attack in the future. A more accurate conclusion by those who study this field suggests reality is somewhat different. Their assessment is that every organization falls into one of these two categories: It’s either already been attacked and knows about it or it’s been attacked and doesn’t know about it. Bad guys don’t always leave a calling card. Even more alarming, with many cyber-attacks being orchestrated over long periods rather than sudden attack-and-grab approaches, an ongoing effort may be underway right now without organizational knowledge.
Sometimes it’s worth reminding ourselves that the most important skills and tools for organizational success aren’t the ones that cost a lot or are difficult to execute. Often they are the forgotten fundamentals; the mundane but effective techniques that can really help. Developing and using metrics, even in the smallest team deep-down in the org chart, is one of those areas. Get started or re-embrace your commitment to metrics and you’ll be pleasantly surprised at the results.