Jarrett Kolthoff | January 14th, 2023



It is always the right time to work toward improvement.

Whether you’re among the small contingent of Americans still pursuing their New Year’s resolution or an executive strategizing how to streamline operations, growth is a worthy target at which to aim. One goal for 2023 I encourage every business manager to set is to work daily to improve the cybersecurity maturity of your organization. The complexities of the threat landscape make doing so difficult to the point of approaching overwhelming. Fortunately, there are several strategies leaders can adopt to make optimized cybersecurity an organizational reality beginning today.

Abandon the Status Quo

In 1973, despite observing an aggressive movement of troops, the Israeli military was surprised by a sudden attack from opposing forces. The attack both catalyzed the ‘Yom Kippur War’ and led to the creation of a new strategy: The Tenth Man Rule. In basic terms, this strategy requires the final person within a leadership team to dissent from the prevailing point of view if it’s shared by all others to ensure opposing perspectives are considered. Boardrooms would be better served by adopting a similar methodology when it comes to decision-making, particularly regarding cybersecurity policies, processes, and partnerships.

It’s often beneficial to have a balanced scorecard and corresponding strategy map to follow and optimize performance metrics. But what falls outside of the ‘best practice’ purview is to never re-evaluate their contents. Just because a business has always acted following a specific playbook that has generally been effective does not mean it should never revamp or take a fresh look at cybersecurity.

Even if your business has never experienced a debilitating cyberattack, there is danger in assuming that your current cybersecurity posture is what’s keeping you safe. While you may be doing everything right, regular audits of your cyber maturity should be part of an ongoing process. I encourage leaders to challenge the status quo—do not rest on your laurels amid a chaotic threat landscape—and ensure you are maintaining a position ahead of threat actors’ developments. Seek out the perspective of the tenth man every time.

Expand and Deepen Strategic Partnerships

What a Tenth-Man Review will likely reveal is there are some gaps and vulnerabilities within your organization that, when exploited, will completely disrupt operations and put client data at risk. These disturbances, however, can be greatly mitigated with the proper proactive measures.

The chances are your business model does not include a designated internal cybersecurity team that engages in a continuous cycle of active monitoring and threat remediation. Nor should it. Entrepreneurs launch businesses because they’ve found a niche in the market, created an opportunity, followed an internal passion, or built a better mousetrap. Unless cybersecurity is the core business focus, cybersecurity is rarely at the forefront of strategic development.

As such, it’s vital to identify areas of cybersecurity your firm cannot optimally develop in-house and invest in building partnerships with experienced professionals. Providing industry-leading cybersecurity is a 24/7/365 endeavor that not every entity can create or manage for itself. If your business lacks the capabilities and capacity to maintain a team that can do the work day in and day out, the responsibility of cybersecurity should be offloaded.

Acknowledging areas of weakness is a strength. Because cybersecurity is a 24/7 uncompromising commitment to those whom you serve and whose data you house, building a sub-optimal defense should not be a consideration.

Elevate Collaboration Enterprise-Wide

Collaboration is one significant component of strong cybersecurity practices. Whatever your business relationship with a cybersecurity team—in-house or outsourced partnership—it’s a necessity to ensure they work hand-in-hand with those responsible for establishing the acceptable risk posture for the organization enterprise-wide. Simply outsourcing without questioning, verifying, or learning along the way how your environment is secured is not an acceptable response.

Whomever you have tasked with internal cybersecurity processes and policies, whether it be a CISO or IT Manager, must be on a first-name, direct-line basis with someone on your cybersecurity team. By maintaining regular contact with your cybersecurity team, you’ll receive consistent updates regarding the threat landscape and industry best practices. Outsourcing cybersecurity does not mean taking an entirely hands-off approach; it more accurately means collaborating with a team of experienced engineers and analysts in a trusting and mutually beneficial relationship.

The nature of the threat landscape is unpredictable. The mitigation strategies of challenging the status quo, building strategic partnerships, and strengthening organizational collaboration will go a long way in re-focusing your core business processes and strengthening your cybersecurity posture.


Connect With Us

Featured Articles

DNS Tunneling
DNS Tunneling: New Tactic To Scan Networks and Track Victims
10 June 2024
Mastermind Behind LockBit Ransomware
Mastermind Behind LockBit Ransomware Unveiled and Charged
07 June 2024
Unchecked User Privileges
Unchecked User Privileges: How to Counter
03 June 2024
Cloud Migration
Cloud Migration Impact on Network Security
28 May 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.