
Can One Simple Thing Stop Cyber Attacks Dead?

“Cyber defense of DoD systems is [my] highest cyber priority; if DoD systems are not dependable in the face of cyber warfare, all other DoD missions are at risk.” – Secretary of Defense Ashton Carter, April 18, 2015

Cyber security is a leadership issue. Period. Yet too many boards and CEOs are leaving it in the hands of CIOs, CTOs, CISOs and the like. And even though boards are scrambling to fill open positions with cyber security experts, a 2015 PWC report indicates boards still see cyber security not as a CEO matter but as an information technology issue. They’re wrong.

Cyber Security Companies Can Only Do So Much
Like any cultural shift within an organization, it’s going to take time, persistence, hard work, and leadership commitment and involvement.

Steve Denning, in Forbes, tells us this concerning culture change, “In general, the most fruitful success strategy is to begin with leadership tools, including a vision or story of the future, cement the change in place with management tools, such as role definitions, measurement and control systems, and use the pure power tools of coercion and punishments as a last resort, when all else fails.”

It’s not enough to subscribe to a service or simply tell the CIO to implement an information security plan. It’s also not a one-person or one-department function. It requires each member of the organization to take a proactive approach and to remain vigilant.

This only happens if the CEO is engaged, enthused and a leading advocate of cyber security.

Department of Defense Is Doing It Right
Earlier this week Secretary of Defense Ash Carter publicly released their cyber defense plan. More importantly, Secretary Carter will conduct monthly strategic-level cyber security reviews. Additionally, each level of management below him will dig into deeper detail, with smaller-sized units reporting their cyber readiness in the Defense Readiness Reporting System (DRRS).

I remember very distinctly my three-star boss in 2013 reminding us junior one-star commanders cyber security was commander business and that he would hold us and only us accountable should something go wrong. Trust me, we got the message loud and clear.

I understand changing cyber security culture doesn’t sound fun or exciting. There are normally “far more pressing” issues at hand like restructures, reorganizations, buyouts, increasing shareholder value and so on. What happens if the company’s data is breached or held hostage to ransomware? Won’t this affect everything else?

The DoD is the world’s largest employer, has a $600B budget and its mission is national defense. Yet, if Secretary Carter can dedicate his time and attention to cyber defense then can’t CEOs and Boards do the same?

Boards Are Getting Serious About Cyber Attacks
Boards are hiring more individuals with cyber experience, and this is a good start, but it’s hardly a panacea.

Published in: Leadership & Management

  1. Can One Simple Thing Stop Cyber Attacks Dead?
  2. Yes. Change the culture
  3. 2015 PWC report “boards see cyber security not as CEO matter but as an information technology issue.”
  4. The Boards are wrong!
  5. Cyber security is a leadership issue. Period.
  6. Cyber Security Companies Can Only Do So Much
  7. cultural shifts take time
  8. cultural shifts take persistence & hard work
  9. cultural shifts take leadership commitment
  10. Steve Denning, in Forbes Regarding culture change “In general, the most fruitful success strategy is to begin with leadership tools”
  11. changing cyber security culture doesn’t sound fun & There are “far more pressing” issues at hand
  12. like restructures, reorganizations, buyouts, increasing shareholder value and so on.
  13. but What happens if the company’s data is breached or held hostage to ransomware?
  14. Won’t this affect everything else?
  15. Department of Defense Is Doing It Right
  16. Secretary of Defense Ash Carter recently released his cyber defense plan.
  17. Secretary Carter will conduct monthly strategic-level cyber security reviews.
  18. each level of management below him will dig into deeper detail with smaller-sized units reporting their cyber readiness
  19. Although cyber security reporting is new, commander involvement in cyber threats is not.
  20. my three-star boss in 2013 made it clear to us junior one-star commanders cyber security was commander business
  21. we got the message loud and clear!
  22. The DoD is the world’s largest employer & has a $600B budget, yet Secretary Carter can dedicate time and attention to cyber defense
  23. can’t CEOs and Boards do the same?
  24. recently, Boards Are beginning to Get Serious About Cyber security
  25. Boards are hiring more individuals with cyber experience
  26. it’s a good start but not a panacea.
  27. boards are going to have to develop a deeper understanding of all the issues surrounding cyber security.
  28. they’ll have to go beyond asking the CISO about firewalls, anti-virus protection or cyber security subscription services
  29. Clint Boulton, a Senior Writer for CIO, agrees
  30. “(Boards) have to embrace it, get a deep understanding and connection to it, and then drive the change… It has to come from top down. That’s a multi-year process and we’re nowhere near the finish line.”
  31. Conclusion
  32. Stop cyber attacks by changing culture
  33. Boards and CEOs are going to have to drive the change
  34. SHARE Thank you!
