Marvel at the Simplicity of Communicating Cyber Risk to the Board

January 14, 2019, Chelsea Brunson

If you’ve seen my previous blogs, then you know it’s about time for another blog related to another Sci-Fi movie. Since Star Wars and Star Trek have been covered, I thought I would share my take on a more recent movie: Guardians of the Galaxy Vol. 2 (even though Tim has covered the whole Marvel universe).

Why? One of my all-time favorite characters is Baby Groot, and for good reason:

  • Baby Groot is adorable…even the villains note that
  • The movie has some great music that Baby Groot jams out to
  • I can relate to Baby Groot having difficulty articulating needs and goals – I see that every day with cyber risk.

For those who haven’t seen the movie, Baby Groot is a sassy little tree that only Rocket (the raccoon) understands. (Really, if you haven’t seen the movie, I suggest you stop reading now...spoiler alert!)

Like all the Groots from the Marvel comics, Baby Groot has only one phrase in his vocabulary: “I am Groot”.

This comes to a head toward the end of the movie. The audience is left on the edge of their seats with a do or die moment as Rocket tries to explain a detonator to Baby Groot...

Rocket: Alright, first you flick this switch, then this switch...that activates it. Then, you push this button, which will give you five minutes to get out of there. Now, whatever you do, don’t push this button because that will set off the bomb immediately and we’ll all be dead. Now, repeat back what I just said.

Baby Groot: I am Groot.

Rocket: Uh-huh.

Baby Groot: I am Groot.

Rocket: That’s right.

Baby Groot: I am Groot (pointing at death button).

Rocket: No! Now, that’s the button that will kill everyone. Try again.

See the whole scene here.

You get the point. This dialogue happens a couple more times before Baby Groot decides to run off to the spot where he needs to go and start the process. (Spoiler: They live...Baby Groot does hit the right button!)

Now, you’re probably sitting there thinking, “Thanks for the recap…but Chels, where are you going with this?”

Let's put this in context of a board meeting:

CISO: The Russian hackers are increasing their skills and are able to overcome this control we have in place.

The Board: How much risk do we have?

CISO: Well, a lot, because the hackers have developed more sophisticated skills for overcoming this control.

The Board: How much risk do we have?

CISO: We have a lot. There are other threat communities that have also been increasing their skills and targeting us too.

The Board: How much risk do we have?

CISO: Well, if I get this $50,000 tool I will reduce it a little bit.

The Board: How much risk do we have?

The conversation didn't get anywhere and nothing was decided. What if instead the CISO was able to take a report like the one below to the board? The conversation would probably go as follows instead:

CISO: The Russian hackers are increasing their skills and are able to overcome this control we have in place.

The Board: How much risk do we have?

CISO: Well, because they are able to access this database with 90% of our PII, they pose an annualized loss exposure between $26,000 and $79 million.

The Board: How can we fix this?

CISO: Well, if I get this $50,000 tool I will reduce the annualized loss exposure to between $2,000 and $32.4 million. Is this acceptable?

The Board: Yes, please get this tool and start implementation.
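To show where a low/high annualized loss exposure band like the one in the second dialogue comes from, here is an added illustration (not RiskLens's or the author's model). It assumes a FAIR-style decomposition, annual loss = loss events per year times loss per event, with both factors uncertain and drawn from constructed ranges, and reports the result as percentiles before and after a control.

```python
"""Annualized loss exposure (ALE) as a range, before and after a control.

Added illustration, not the page's own computation. Assumes a FAIR-style
model: annual loss = number of loss events per year * loss per event, each
sampled from a range, so the answer is a percentile band rather than a
single number. All input ranges in main() are constructed for the example.
"""
import random
import statistics
from math import exp, log


def lognormal_params(lo, hi):
    """Return (mu, sigma) of a lognormal whose 5th/95th percentiles are lo/hi."""
    mu = (log(lo) + log(hi)) / 2
    sigma = (log(hi) - log(lo)) / (2 * 1.645)  # 90% of mass between lo and hi
    return mu, sigma


def poisson(rng, lam):
    """Poisson-distributed event count for annual rate lam (Knuth's method)."""
    k, p, limit = 0, 1.0, exp(-lam)
    while True:
        p *= rng.random()
        if p < limit:
            return k
        k += 1


def simulate_ale(freq_range, magnitude_range, trials=20000, seed=1):
    """Return (p10, p50, p90) of simulated annual loss in dollars.

    freq_range: (min, max) loss events per year, rate sampled uniformly.
    magnitude_range: (low, high) dollars per event, right-skewed (lognormal).
    """
    rng = random.Random(seed)
    mu, sigma = lognormal_params(*magnitude_range)
    losses = []
    for _ in range(trials):
        events = poisson(rng, rng.uniform(*freq_range))
        losses.append(sum(rng.lognormvariate(mu, sigma) for _ in range(events)))
    q = statistics.quantiles(losses, n=10)  # nine cut points: 10th..90th
    return q[0], q[4], q[8]


def decision_summary(before, after, annual_tool_cost):
    """Frame the board question: what the control buys at the 90th percentile."""
    reduction = before[2] - after[2]
    return {"p90_reduction": reduction, "pays_for_itself": reduction > annual_tool_cost}


if __name__ == "__main__":
    # Constructed inputs: the control halves event frequency and limits per-event loss.
    before = simulate_ale((0.1, 2.0), (20_000, 30_000_000))
    after = simulate_ale((0.05, 1.0), (5_000, 10_000_000))
    print("before p10/p50/p90:", [round(x) for x in before])
    print("after  p10/p50/p90:", [round(x) for x in after])
    print(decision_summary(before, after, annual_tool_cost=50_000))
```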

RiskLens enables information risk professionals to answer any and all questions on cyber risk in dollars and cents—and leave those board meetings dancing happy.

Baby Groot image: Marvel Studios
