Back in the mid-1990s, I had the privilege of meeting Peter Drucker, who many refer to as the “Father of Modern Management.” For me, perhaps one of his most insightful comments was that “the greatest danger in times of turbulence is not the turbulence – it is to act with yesterday’s logic.” Drucker, who passed away in 2005, could not have foreseen what a societal focal point cybersecurity would be today. But his words resonate especially in the context of the highly challenging threat landscape menacing organizations of all sizes and types across the globe today.
The technology landscape – and by extension, the global digital economy – is evolving at a remarkable pace while rendering many traditional business models defunct and legacy systems incapable of supporting enterprises’ abilities to effectively and securely realize the positive potential of today’s technology. Factor in a rapidly changing legal, regulatory and compliance environment, along with exponential growth of security challenges from sophisticated and opportunistic cyber criminals, and it is quickly apparent that enterprises relying upon yesterday’s logic is indeed a recipe for danger.
Predictions of growing cyber troubles in 2018 populate all the major search engines and publications. It didn’t take long for any illusions of a smoother ride for enterprises and their security teams in 2018 to be dashed in the first week of January when the Meltdown and Spectre processor vulnerabilities created widespread consternation. While none of us can be sure what and when the next cybersecurity crisis to jar the enterprise landscape will be, boards of directors have received fair warning that there’s no time like the present to give cybersecurity its just due on their agendas.
Rather than relying upon yesterday’s logic, embracing strategies required to safeguard our enterprises today and tomorrow is a must. The new year presents an ideal time for enterprises to recalibrate their security posture. While organizations cannot control all elements of an ever-expanding attack surface, they can ensure they are placing themselves in the best possible position to increase focus on what they can control, and deploy their resources accordingly.
This means investing in performance-based training for their workforces. ISACA’s 2017 State of Cyber Security research shows that practical, hands-on experience is viewed as the most important qualification for cybersecurity candidates, even more so than a credential itself – and with good reason, given the complex and highly technical nature of their work. Investing in a highly skilled, well-trained workforce – and keeping it that way – provides the needed foundation for organizations to protect their most valued assets.
While providing real-world training is a critical piece, optimizing the impact of that training requires organizations to have the right people in place. Considering the well-documented global shortage of cybersecurity talent, grooming network specialists, data analysts and other employees with related skills can allow organizations to fill gaps on their security teams. This is especially necessary for smaller organizations that are not equipped to outbid competitors for upper-echelon applicants. Recognizing the need to hire and empower more women in the tech workforce also must be part of enterprises’ mindsets when it comes to bolstering their workforce.
Ultimately, for there to be confidence in the boardroom about security capabilities, enterprise leaders need the ability to assess their organization’s cyber resilience, quantitatively and qualitatively, and compare themselves to competitors in their industries and geographic areas. Possessing these insights will allow boards of directors and executive management to create road maps that make the most sense for their organization, and even provide board directors the rarest of commodities in this era – some peace of mind that they are on the right track. Next month I will share further details on how ISACA will support this important endeavor.
There is no question we are living in times of turbulence, but these are also times of unprecedented opportunity for enterprises to harness technology to connect with customers in innovative ways. As long as we are prepared to move beyond yesterday’s logic, we need not allow the lurking dangers to hold us back from an exciting future built on the promise of inspired innovation through technology.