Can One Simple Thing Stop Cyber Attacks Dead?
“Cyber defense of DoD systems is [my] highest cyber priority; if DoD systems are not dependable in the face of cyber warfare, all other DoD missions are at risk.” – Secretary of Defense Ashton Carter, April 18, 2015 Cyber security is a leadership issue. Period. Yet, too many boards and CEOs are leaving it in the hands of CIOs, CTOs, CISOs and the like. And even though boards are scrambling to fill open positions with cyber security experts, a 2015 PWC report indicates boards still see cyber security not as CEO matter but as an information technology issue. They’re wrong. Cyber Security Companies Can Only Do So Much Like any cultural shift within an organization it’s going to take time, persistence, hard work and leadership commitment and involvement. Steve Denning, in Forbes, tells us this concerning culture change, “In general, the most fruitful success strategy is to begin with leadership tools, including a vision or story of the future, cement the change in place with management tools, such as role definitions, measurement and control systems, and use the pure power tools of coercion and punishments as a last resort, when all else fails.” It’s not enough to subscribe to a service or simply tell the CIO to implement an information security plan. It’s also not a one person or one department function. It requires each member of the organization to take a proactive approach and to remain vigilant. This only happens if the CEO is engaged, enthused and is a leading advocate of cyber security. Department of Defense Is Doing It Right Earlier this week Secretary of Defense Ash Carter publically released their cyber defense plan. More importantly, Secretary Carter will conduct monthly strategic-level cyber security reviews. Additionally, each level of management below him will dig into deeper detail with smaller sized units reporting their cyber readiness in the Defense Readiness Reporting System (DRRS). I remember very distinctly my three-star boss in 2013 reminding us junior one-star commanders cyber security was commander business and that he would hold us and only us accountable should something go wrong. Trust me, we got the message loud and clear. I understand changing cyber security culture doesn’t sound fun or exciting. There are normally “far more pressing” issues at hand like restructures, reorganizations, buyouts, increasing shareholder value and so on. What happens if the company’s data is breached or held hostage to ransom ware? Won’t this affect everything else? The DoD is the world’s largest employer, has a $600B budget and its mission is national defense. Yet, if Secretary Carter can dedicate his time and attention to cyber defense then can’t CEOs and Boards do the same? Boards Are Getting Serious About Cyber Attacks Boards are hiring more individuals with cyber experience and this is a good start but it’s hardly a panacea.
More Related Content
Viewers also liked
Viewers also liked(13)
Recently uploaded
Recently uploaded(12)
Can One Simple Thing Stop Cyber Attacks Dead?
- 1. Can One Simple Thing Stop Cyber Attacks Dead? g
- 3. 2015 PWC report “boards see cyber security not as CEO matter but as an information technology issue.”
- 5. Cyber security is a leadership issue. Period.
- 6. Cyber Security Companies Can Only Do So Much g gg
- 7. cultural shift s take time
- 8. cultural shift s take persistence & hard work
- 9. cultural shift s take leadership commitment
- 10. Steve Denning, in Forbes Regarding culture change “In general, the most fruitful success strategy is to begin with leadership tools”
- 11. changing cyber security culture doesn’t sound fun & There are“far more pressing” issues at hand
- 12. like restructures, reorganizations, buyouts, increasing shareholder value and so on.
- 13. but What happens if the company’s data is breached or held hostage to ransom ware?
- 14. Won’t this affect everything else?
- 15. Department of Defense Is Doing It Right
- 16. Secretary of Defense Ash Carter recently released His cyber defense plan.
- 17. Secretary Carter will conduct monthly strategic-level cyber security reviews.
- 18. each level of management below him will dig into deeper detail with smaller sized units reporting their cyber readiness
- 19. Although cyber security reporting is new, commander involvement in cyber threats is not.
- 20. my three-star boss in 2013 made it clear to us junior one-star commanders cyber security was commander business
- 21. we got the message loud and clear!
- 22. The DoD is the world’s largest employer & has a $600B budget , Yet Secretary Carter can dedicate time and attention to cyber defense
- 23. can’t CEOs and Boards do the same?
- 24. recently, Boards Are beginning to Get Serious About Cyber security
- 25. Boards are hiring more individuals with cyber experience
- 26. it’s a good start but not a panacea.
- 27. boards are going to have to develop a deeper understanding of all the issues surrounding cyber security.
- 28. they’ll have to go beyond asking the CISO about firewalls, anti-virus protection or cyber security subscription services
- 29. Clint Boulton, a Senior Writer for CIO agrees
- 30. “(Boards) have to embrace it, get a deep understanding and connection to it, and then drive the change… It has to come from top down. That’s a multi-year process and we’re nowhere near the finish line.”
- 31. Conclusion
- 32. Stop cyber attacks by changing culture
- 33. Boards and CEOs are going to have to drive the change
- 34. SHARE Thank you!