For many people, the arrival of a new year brings an urge to commit to making changes. It is seen as an opportune time to fix perceived or actual issues in their personal lives. Popular resolutions include launching an exercise program, reducing stress, and eating healthier foods. However, according to an article published by U.S. News, within six weeks, 80% of those resolutions have fallen by the wayside. While failed resolutions may bring disappointment to individuals, failed cybersecurity resolutions can result in severe consequences for an ISP, including potential liability issues and the loss of subscriber trust.
Why Resolutions Fail
Before proceeding with the discussion, examining why personal resolutions typically fail might be helpful.
- Resolutions are promises. Promises are usually easier to make than to keep. A promise can be made without first evaluating what will be required to keep it or without creating an actionable plan for fulfilling the promise.
- Resolutions are often unrealistic or unattainable. For example, individuals may promise themselves that they will lose 100 pounds between January 1 and February 14, but they will have little likelihood of success.
- Resolutions rarely include detailed plans. Every January, gyms are filled with people who have resolved to get more exercise. By the end of February, the crowds have thinned considerably. Many people sign up for gym memberships without having a plan to allocate the time to commute to and from the gym as well as the time spent at the gym. Individuals who already have hectic work or family schedules often find that they cannot carve out a block of time to visit a gym three or four times a week.
- Resolutions often fail to consider whether the individual has the knowledge or skills to fulfill the task. For example, creating a healthier diet plan that is nutritionally balanced will require either prior training or excellent research skills. Planning will also be important so that the individual will know how to deal with unexpected overtime, family gatherings, or other situations that could upset the dining routine.
- Resolutions that are made in an effort to please others frequently fail. Many people resolve to lose weight, update their wardrobe, reduce their expenses, or remodel their homes because they think that their family members would be pleased. Often, however, there has been a breakdown in communications, and what the individual perceived was not what was desired by those who inspired the resolution.
Why ISPs Need Goals, Not Resolutions
Goals and resolutions can be quite different. Examining these differences can be beneficial.
- One critical difference is that a goal will be much more specific than a resolution. Goals are clearly defined, but resolutions can be extremely vague.
- Goals include actionable steps. An ISP might resolve to enhance cybersecurity, but the resolution must be converted to a series of goals representing the necessary steps that must be taken.
- Goals are ranked by importance; resolutions are often assigned the same relevance.
- Goals include an initial timeline that defines the length of time it will take to reach the goal. The timeline will be realistic and based on a careful evaluation of the overall process. Resolutions can be made without having even a general idea of what will be involved.
- Goals incorporate milestones and tracking methods to measure progress. Resolutions typically omit these.
Suppose the CISO of an ISP makes a personal resolution to enhance the company’s security. To maximize the chances of success, the resolution must be converted to a goal by evaluating all of the following.
- What specific elements will need to be addressed? What are the critical vulnerabilities? Are there legal requirements that must be addressed by bolstering security?
- How will success be defined? In other words, what is the purpose of the enhancements?
- Are there a sufficient number of staff members with the proper skills? How will the enhancements affect their current schedules? How will the enhancements make their jobs easier or less stressful?
- Is the budget in place to fund the enhancements? Is there a contingency plan to find additional funding if overruns occur?
- Has the overall goal been broken down into a series of subordinate goals? What are the specifics and timelines for each of the subordinate goals?
- How difficult or complex are the subordinate goals? What impact will difficulty and complexity have on the overall goal?
- Is the project being undertaken for the right reasons? Are the choices the right ones to provide the right solutions?
Threats to ISPs are not likely to diminish during 2020. If you need help enhancing security for your subscribers or your entire infrastructure, contact Abusix today to learn more about the services we offer.