The work I do with executives always produces a better cyber security result. You may ask yourself why would working with executives be better for cyber security? You need to be working with IT, with technical folks, the engineers, and engineering managers, maybe even IT operations people. But let me tell you a well-worn story I have encountered many times. I go to a customer site with a strong vision good management, and a competent IT staff.
We begin talking about cyber security, we talk about capabilities, challenges our threat landscape. What is in store for data security in the future? And after all of this is done I would many times find that the IT folks decided not to do anything about their security. Even if there is an actual security need that they know needs to get addressed. It may be because of lack of budget, or time, or they will get to it in the last quarter of the year. All of the while they are exposed.
It Comes Down To Priorities
What it really comes down to is priorities. They have a limited IT budget, limited time to do the job they are tasked to do already and they are willing to take the chance something catastrophic does not happen. They are going to roll the dice with your company’s assets. They are now playing with your future at that company. And little do you know about it since you were never told, or even asked.
No one came to you and said. “Boss I am going to handle this cyber security stuff because it is an IT problem, and even though it may affect the company and your future, I can handle it.” If they did you probably would look at things a little harder. And the simple fact is many times you don’t even know this is happening. There is a quote that says “anyone who believes that technology security is an IT problem does not know technology, and they don’t know security.” And since your IT support people believe they can handle it, you don’t find out and you certainly don’t go looking for a security problem.
It’s About Success
It’s all about success and what does it look like to you. Do you believe you are going to have a strong year if you experience a major cyber security breach this year? The odds are that it will not be a strong year; in fact it may turn out to be one of your worst years.
This is why I work with executives. Because executives can get things done and get the company secure is one of the most critical things we can get done. I work with executives because they have the leadership in their organization to urge and compel the troops to pull in the same direction. The executive level will be able to show the rest of the company the way. Sure you may say “but I don’t know anything about technology.” You don’t need to that is why you have security experts to assist you with the process. You do what you do best, and the security experts you hire handle the down and dirty of the technology.
But you don’t need to be an expert in technology to communicate with your people. The executives of a company can do what they do best and that is; communicate. Communicate with their vendors and supply chain, communicate with their customers, communicate with the press. And they can communicate with their employees and turn those employees into a unified team looking for possible security issues.As opposed to a company full of people who are a source of security risk.
Because at the end of the day. Data security is not a technology problem it is an organizational and process problem that sometimes uses technology to combat.