Can One Simple Thing Stop Cyber Attacks Dead? g
Can One Simple
Thing Stop Cyber
Attacks Dead?g
Yes. Change the
culture
2015 PWC report “boards see cyber security not as CEO matter but as an
information technology issue.”
The Boards are wrong!
Cyber security is a leadership issue.
Period.
Cyber Security Companies Can Only
Do So Muchg gg
cultural shift s take time
cultural shift s take persistence & hard
work
cultural shift s take
leadership commitment
Steve Denning, in Forbes Regarding culture change
“In general, the most fruitful success strategy is to begin with
leadership tools”
changing cyber security culture doesn’t sound fun & There
are“far more pressing” issues at hand
like restructures, reorganizations, buyouts, increasing shareholder
value and so on.
but What happens if the company’s data is
breached or held hostage to ransom ware?
Won’t this affect everything else?
Department of Defense Is Doing It Right
Secretary of Defense Ash Carter recently released His cyber
defense plan.
Secretary Carter will conduct monthly
strategic-level cyber security reviews.
each level of management below him will dig into deeper detail with smaller sized units
reporting their cyber readiness
Although cyber security reporting is new, commander
involvement in cyber threats is not.
my three-star boss in 2013 made it clear to us junior
one-star commanders cyber security was commander
business
we got the
message loud and
clear!
The DoD is the world’s largest employer & has a $600B
budget , Yet Secretary Carter can dedicate time and attention
to cyber defense
can’t CEOs and Boards do the same?
recently, Boards Are beginning to Get
Serious About Cyber security
Boards are hiring more individuals with cyber
experience
it’s a good start but not a panacea.
boards are going to have to develop a deeper
understanding of all the issues surrounding cyber
security.
they’ll have to go beyond asking the CISO about firewalls, anti-virus
protection or cyber security subscription services
Clint Boulton, a Senior Writer for CIO agrees
“(Boards) have to embrace it, get a deep understanding and
connection to it, and then drive the change… It has to come from top
down. That’s a multi-year process and we’re nowhere near the
finish line.”
Conclusion
Stop cyber attacks by changing culture
Boards and CEOs are going to have to drive
the change
SHAREThank you!