Threats are on the rise: even wearable devices are now part of the “attack surface.” For senior technology managers (CIO, CTO, CISO, CRO), the future of cybersecurity is both daunting and encouraging. We are learning how to anticipate possible attacks, but the C-suite must step up its game in several areas.
Something raised the stakes last year. Reports of data breaches surged. Cyber went mainstream, becoming the subject of daily headlines and dinner-table conversation. According to the Identity Theft Resource Center, U.S. data breaches reached a record high of 783 reported incidents in 2014, an increase of 27.5% in one year.
Earlier, in downtown Washington, DC, the immediate speculation was that a cyber attack was to blame, not the weather, device defects, or fire. What was once a “what if?” assumption, the stuff of dark contingency planning, had become commonplace. What did it look like?
As the cyber threat became more prevalent, it moved upstream. Data protection became the C-suite's top priority. It moved from an item on the “to do” list to the board of directors. The risk of a cyber attack, and of a dismissive response to it, became one of the threshold issues that could shorten a CEO's tenure.
Some have learned the hard way; many others are now quietly approaching cybersecurity in a different way. Senior technology managers are tired of being a step behind. They are taking an active, anticipatory approach to preparation and advocacy, with an eye on developing criminal patterns and active actors on the horizon.
The shift is similar to what has taken place with natural disasters, where communities can now use predictive weather data to take preventive measures before a storm hits. If the cyber threat stood still and waited for us, organizations would be well positioned. That is not the case, however. The “attack surface” is changing fundamentally, and this is where cybersecurity becomes personal.
In the coming months, organizations will face new threats against medical data, connected vehicles, mobile payment systems, and the “Internet of Things.” Emerging technologies such as wearables create new risks: an employee can come to work wearing a compromised smartwatch, or drive a hacked connected vehicle into the company parking garage.
Even something as far removed from the corporate IT ecosystem as a chip-embedded laundry detergent container in an employee's laundry room is another vulnerability waiting to be exploited.
This scenario extends the traditional firewall environment into a third dimension: a risk between the two. It requires another layer of readiness. An employee's public persona, not just the laptop your company supplies or even the BYOD smartphone, now creates risk.
To prepare for what lies ahead, senior technology leaders must raise their organization's approach in five areas.
Defense: get active
All technology managers must follow an emerging trend: adopting a more dynamic and proactive approach to cybersecurity. “Active defense” measures using an integrated model are now a necessity, not an experiment. Cyber strategies now use real-time intelligence and evaluation data to shape decision-making, defend against threats, and anticipate them.
Leadership: syndicate the risk
Too often, a cyber threat is treated as an IT problem with an IT solution. However, as the stakes increase, cyberattacks now affect all parts of the organization. Product development, organizational strategy, HR, legal, marketing: everybody plays a part in preparation, defense, and response. It is critical that risk and responsibility be distributed throughout the organization. Anything less will lead to a flawed approach, and a shortened tenure for the technology manager.
Systems, product development: think cyber
Historically, speed to market has been the leading driving force, from product design to systems implementation. Cybersecurity was once an afterthought; now it is becoming a consideration, though still largely a retroactive one. IT leadership must make a fundamental turn toward “embedded security,” making cybersecurity a driver in product and system development. The change in the internet is of paramount importance as the attack surface expands.
Incident response: cut through the hype
With cyber now a mainstream, board-level issue, the market is overcrowded with “incident response” capabilities. It is a “buyer beware” environment for the corporate buyer. Does an offering include the right balance of multi-disciplinary expertise, such as crisis communication, legal, policy, business, and technical communication? What about the people behind it and the step-by-step methodology being proposed? With the stakes rising, leaders need to look closely at incident response solutions.
Preparation: practice or perish
An effective cyber response requires two behaviors that do not come naturally to large organizations. First, different areas such as business units, legal, HR, and marketing must come together on a matter where cooperation has been limited. Second, they need to do it fast, at an operating speed that daily business often lacks. The only way to achieve the required degree of readiness is through collaborative planning and real-time simulation exercises. Without practice, you are going to fail.
There is little doubt: in the fight against cyberattacks, we are entering an entirely new phase. Increased activity, public concern, and board scrutiny have placed cybersecurity at the top of the agenda while driving progress in preparedness, defense, detection, and response. But with new, “personal” cyber threats arising, now is the time for the C-suite to rethink its approach. Doing so can spare it from learning the hard way.