Do you have the courage to make the change necessary? Many times I have worked with organizations large and small and there is always a point in time where their management is going to act, or not. There is a time to make a decision and go with it or to defer it, put it off or even not do it.
I have seen this happen even in times of great need and great stress where the requirement for action is imperative and no one makes to move. The results can be very problematic. The management imperative is to not only plan and lead but to act. It is the action that will not only determine your organization’s fate but the fate of that manager. The courage to make the change.
There is a quote that says “courage is a love affair with the unknown.” There will always be that point where you say “I don’t know all of the facts, but now is the time to move.” I have some information and now I have to act in a way that is going to be the best for my organization. It may not be perfect it will be good. Then after the decision is made and the action is taken you move to make adjustments. This process will continue.
In cyber security, it is a constant ongoing process. But the action needs to be first taken. The courage to make the change, and take that action is not all too common. Many organizations just let things slide. These organizations believe that it’s not going to happen to them, they are somehow immune because there has not been an attack so far.
These companies are in the most danger. They are the ones that will certainly get attacked. The unknown of your decision is just that, but the certainty of inaction is that there will be a breach sooner or later. And the belief that inaction will just keep the status quo is incorrect also. An organization’s inaction is actually an action itself, and it has a result also.
When To Move
When to move and when to stay? Do you know that it is time to make that change? Is there a series of steps or reports or meetings that precipitate your moment to make that move? This is a simple answer; move now. Make the first move today. Start the process to recruit a qualified candidate for the CISO position. Start working on a new job description that gives this new CISO the power and the latitude to implement real meaningful change. If you know it will take time to get that CISO in place. Act today to put into place an outside security expert to assist you in the interim and possibly assist you in the search and selection process.
Make the first move to start working on a new direction for your company that says your security is a vital interest and your management team will be involved in it. Courage to make the change will pay off in many ways. Fewer headaches, more peace of mind, better and more profitable supply chain management, lower costs from fewer attacks, will all be the result. But first, you have to make the change. The courage to make the change is necessary, the need is there already.