SPICE it up and gain that funding for your security operations


First, let’s have storytime. The following is a real story told by a former Town Councillor in Lunenburg County, Virginia:

“In 1989 I became chair of the Solid waste committee as a councillor with the Municipality of the District of Lunenburg in Virginia. I kicked off a study on how to best reduce and recycle household waste. At this time, it was most common to either burn waste or dump it all in massive landfills. The conclusion of our study was to pursue an innovative solution at the time (common today) of source separation and a composting facility.

The time came to fund the initiative, proposed at $10,000,000. This was to be the largest single expenditure the Municipality had ever made. After the motion passed, the Mayor called for discussion. After 20 minutes, the mayor called for questions and there was only one—“Do you think this is a good idea?” Moments after I responded emphatically ‘Yes!’ we took a vote and the initiative passed unanimously.

We moved from spending $10,000,000 in a half hour to considering other tenders. One was for a pair of snow tires for a county vehicle. The tender was for 2 tires at $60 each for a total of $120. This kicked off a debate, because one councillor had just bought his tires and only paid $57. The debate nearly reached the point of a physical altercation before a break had to be called. It was eventually decided that staff will buy a pair of tires for the best price. After the 40 minute debate, and the ensuing research effort, we were able to save $2.00.

People are funny. They argued over $2 but a $10,000,000 expenditure went through on my word! Would they have accepted my word on the tires? Absolutely not. Everyone is an expert in tires, or at least they think they are. As a sidenote, we brought the solid waste project in on time and slightly under budget. And I still lost the next election. Those who stood up for the taxpayer and ‘saved’ $2 were re-elected. I was the guy who made people sort their garbage. 25 years later it is still the right thing to do.”

Now, what does this story teach us from a cybersecurity spend perspective? The biggest lesson: when people do not understand an issue well, they tend to skim the surface of its details. However, if it is something they own, or feel they understand, they are willing to dive into the details and fight for credibility. The reluctance of some organizations to provide adequate funds to their cybersecurity departments stems from this lack of understanding. Without knowing the subject matter, and why preparing for incident response and running cybersecurity awareness training are so important, company leaders are not likely to see the value and start allocating significant funds towards such activities. The most effective way to tackle this issue is to educate, educate, and educate yourself and your leadership team about the field and the potential damage non-compliance might cause to your business.

The second lesson is that this psychological tendency is simply not surprising: people’s complex attitudes toward money often defy economic theory. Prelec says our spending habits are based on an accumulation of rules, like “I never take a taxi unless it’s an emergency” or “I won’t pay for a new technology for my business unless we can justify it in terms of ROI.” Those rules, he says, are designed to keep us out of financial trouble, and we suffer a sting of guilt whenever we break one. So changing a person’s psychological attitude towards spending money (even as a business) is very difficult.

Based on many psychological studies, the key to changing someone’s opinion can be simplified to SPICE:

SIMPLICITY: Keep your message short, sharp, and simple to convince people it’s true.

PERCEIVED SELF-INTEREST: Social engineers often agree it’s the key to getting us to do something we didn’t think we wanted to. So be sure to focus on the benefits to the person whose mind you want to change, rather than emphasizing your own wants, wishes, and emotional history (NOT: I’ll be sad if you don’t, BUT: You’ll be happy if you do).

INCONGRUITY: Surprise people. Tell them your pens are 400 cents rather than four dollars and they’re far more likely to buy one.

CONFIDENCE: The more confident you are, the more people believe you’re right.

EMPATHY: Look people in the eye, nod when they nod, and tell them you understand where they are coming from as far as their concerns go.

We encourage you to keep this story in mind the next time you have to stand your ground and defend the importance of following certain procedures, investing in cybersecurity and other operational tasks to keep your company as protected and as ready-to-respond as possible.
