The  Blog

 

5 reasons why unsophisticated breaches keep happening

Nov 01, 2022

Mr. Toyoda’s famous “5 whys” – applied to #cybersecurity

1.     Failure to recognize the nature of the system in which cybersecurity lives. It is a complex, dynamic, chaotic and highly adversarial system. It’s not a linear, stable system like bookkeeping. Would you fly on an airplane where the pilots, airline, manufacturer and air traffic control lacked a comprehensive understanding of the entire system?
2.     Number one cascades into structural flaws such as using methods designed for 1) a linear more stable system like bookkeeping, 2) churning on threats more than what needs protecting (counter to everything in investments, sports, military and more).
3.     Number two cascades into data and measurement errors. For example, measuring maturity -- unlike measuring risk in any other business function. When I do board training, this is often asked.
4.     Two and three cascade into flaws in equipment, putting technology at the center. In cyber, why does tech drive up people cost? In other disciplines tech reduces people cost and increases safety. I hear this from board members.
5.     These four flaws crush cyber pros setting them up for failure, burnout and stress. Feelings of “hamster wheel” are far too common. For more, see Lucy in the chocolate factory https://lnkd.in/e6j6BUsY

The 5 Whys are from Sakichi Toyoda (1867 – 1930) - an inventor of textile machinery and the founder of Toyota Industries. The 5 reasons also draw on Kaoru Ishikawa’s (1915-1989) famous “Fishbone Diagram.”

Your opportunity to act today:
* Apply critical, systems and industrial-strength #designthinking as in any other discipline – from electricity to military to music. Learn more at www.thinkdesigncyber.comCyberTheory Institute and the online course coming soon at CyberEd.io
* Focus on what needs protecting with John Kindervag’s authentic #ZeroTrust.
* Outthink enemies - create realistic scenarios that would make engaging movies with Outcomes Accelerator Workshops
* Empower cyber pros like other business functions with the education and coaching they need - tailored for cyber - individually, and in team leadership and organization change.
* Setup cyber pros for success with better methods, culture and work life.

More actionable specifics, reach out with q’s.