This article was published in the Summer 2021 issue
by Dr. Kenneth W. Cooper, DCS, CISSP, Founder and CEO, DataPoint Solutions Consulting, LLC
How many people wake up one morning and decide, today is the day I start a business? How many of those same people also said to themselves, this will be easy. I predict the answer ranges from not many to none. I would also say if you are like me, you did not come from a legacy family, that is, you did not have a family business to take over so you had to start from nothing. More than likely, your decision to start a business took many years of planning and preparing.
When someone finally does choose to become a business owner, there are several challenges they will face and need to address to stay in business. Operating and managing your business is only a tiny part of the many activities. For a small business owner, the core of their business is the product or service they offer, not cybersecurity. cybersecurity is something they hear about but do not usually have on their minds. A small business owner is too busy focusing on the core of their business to give cybersecurity a second thought.
However, we must ask ourselves; what can cybersecurity prioritization do to ensure I can maintain and sustain my business? The answer to this question lies in a thorough exploration of why cybersecurity exists in the first place. Before we answer that question, I propose that we frame these questions using Game Theory. So, how is Game Theory applied to cybersecurity in small businesses, and how does Game Theory help shift that focus to trend our business success in the right direction? The answer is that It makes us do what we have a natural inclination to do: think selfishly. We focus on what’s in it for us if we prioritize cybersecurity practices within our business.
Game Theory says to look at everything from a highly rational, self-interest approach- the “what’s in it for me” concept. Small businesses have their own unique challenges when it comes to cybersecurity, yet not every business owner understands specifically what they need to ensure the basic requirements for safeguarding their intellectual property. These are the basics for protecting critical business resources to ensure the success of their business model and the inherently unique nature of small technology businesses. Small business owners are often forced to make budgetary decisions focused only on service delivery that directly generates revenue for the company.
Maybe you approach your decision making with a Zero-Sum game strategy, the premise that for your business to be successful, the competition has to fail, or you're an advocate of Nash's Equilibrium. You lean toward making decisions based purely on a numbers game of what is best for me and my business, not what is best for everyone else. There is one decision that is crucial to protecting your business assets. What is the best way to approach this for my unique business? How you answer that question will have an immediate and direct impact on your future strategies and the decision-making process for your business. How will you prioritize and implement cybersecurity practices into your business?
If we look at the technology industry, playing a Zero-Sum game because there are so many competitors out there is almost a given in most instances, even more so in the mind of small business owners who start a technology-based company. However, because there are, in fact, many companies out there to choose from, it also boils down to a de facto numbers game as per Nash’s Equilibrium. The problem is that the small business owner can often get too focused on the numbers that are only important to their immediate tangible business need- tunnel vision, so to speak. The consequence is that by doing so, this leads to a trend of neglect when it comes to cybersecurity practices.
Cybersecurity exists to do three primary things; those three things are what the small business owner needs to meet their goals, maintain solvency, and provide assurance to all those involved that they can, in fact, continue to do what is necessary- to generate revenue. So, what are the three primary things for the existence of cybersecurity?
The first one is confidentiality, the ability to maintain assurance that only authorized access to privacy and proprietary information is protected and preserved. The second is availability, the guarantee of controlling access, and the use of data. Your ability to provide on-demand access and the timely and reliable use of all information within your environment is governed by availability. The third is integrity, the protection against improper or unauthorized modification or destruction of data itself. Integrity assurance provides a high level of confidence that information is viewed, transmitted, and received as the original creator of the information intended, i.e., no unauthorized modification or changes of any kind.
Confidentiality, availability, and integrity directly impact how a small business can protect information and ensure the integrity, privacy, and protection of their company information and their customers and employees. When business owners understand how essential cybersecurity is to their company’s survival, there is a reduction in the uncertainty that comes with not knowing if they will succumb to a cyber-attack. The latest small business analysis data shows that 60% of small businesses hit by a cyber-attack do not stay in business. Those businesses are never able to recover from that attack.
Cybersecurity is about implementing specific controls within your business to protect what is most important to business owners and their customers. Game Theory is about looking at a self-motivated, self-interested, highly rational approach to achieving victory. Victory can be equated to business success, not just for immediate short-term gains but long-term and future growth and sustainment.
We simply need to look at what Game Theory tells us to do. Focus on what the benefit of cybersecurity is to us. If we do that, then the next logical or, as Game Theory puts it, highly rational step is to prioritize enacting the thing that can directly benefit us the most; the proper cybersecurity practices to suit our specific and unique small business company needs. Nash's Equilibrium can help us play a Zero-Sum game, where we are the winners, and our competitors are the losers. Small business owners need to play the long game and apply a strategy that has shown success. Cybersecurity first and always, thus leading to business success and continued sustainment.
Critical to all businesses and essential to their survival is knowing their information is private and protected.
I have been in the cybersecurity industry for 25 years. I have started multiple technology firms and consulted and worked directly with many different small businesses across multiple states. I can tell you through firsthand experience that when and how you enact your essential cybersecurity control protection practices can make or break your ability to achieve business success. I truly know how very different and challenging it can be to start a business, keep that business solvent, and protect what matters most.
Hi! The Silicon Slopes team is interested in your feedback. We are asking for a couple minutes to quickly provide feedback on our Silicon Slopes quarterly magazine publication. Click HERE and share your thoughts with us. Your responses will help us improve. Thanks!
*Read the latest issue of Silicon Slopes Magazine, Summer 2021