[BreachExchange] Overcoming today's risks and tomorrow's threats with confidence
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Mar 27 18:59:21 EDT 2018
https://www.csoonline.com/article/3265041/data-protection/overcoming-todays-
risks-and-tomorrows-threats-with-confidence.html
As any cybersecurity professional knows, the biggest threat to an
organization is the one that hasn’t been launched yet.
Attackers have become so adept at the element of surprise that they send
their targets into a tailspin whenever a new threat is unleashed – not only
because of the damage that the threat inflicts, but also because no one saw
it coming. This ability to ambush an organization’s cyber defenses
intensifies the effects of the threat and leaves cybersecurity
practitioners scrambling to minimize the damage while continuously looking
over their shoulders, scanning the horizon for the next surprise.
There’s no question that cyber threats have become among the greatest risks
to industry and governments today. That reality is putting an immense
amount of pressure on cybersecurity professionals. From addressing privacy
concerns and keeping up with new data-protection regulations to dealing
with existing vulnerabilities and anticipating coming ones, these
professionals have never had more on their plate, or more at stake.
Yet too often, the skills and resources required to keep up with these
ever-increasing demands and to defend against complex, sophisticated
threats go beyond the scope of what we’ve come to know as traditional
cybersecurity education. Text books and technical IT training alone can’t
create the types of leaders required in today’s complex world -- leaders
who possess the unique and critical ability to devise and execute
integrated, comprehensive cybersecurity strategies for nations and
industries across the globe.
And so, it’s time for a new multidisciplinary approach to cyber leadership
that extends beyond IT.
Today’s hyper-connected world requires a new type of cyber leader who
possesses not only the necessary technical awareness that can be acquired
through education and training, but also whose thinking is influenced by
exposure to a broad range of ideas. Given the cross-function impact of
cybersecurity, these cyber leaders might hail from IT or possibly law,
policy, HR or even the traditional physical security space.
Regardless of their background, they must be able to communicate openly and
with confidence, actively pursuing the advice of others both inside and
outside the organization. This leader must be generous with their time and
knowledge to cultivate information exchange with all types of people. And
while it’s unlikely that organizations will ever be able to truly
anticipate attackers’ next moves, this leader’s broader education and
experience will help create a more holistic view of the threat landscape
and a deeper understanding of potential threats.
Take the example of the recent controversy surrounding the revelation that
50 million Facebook users’ personal data was taken directly or indirectly
by a third-party app and then sold to a voter profiling firm. In response,
US law makers are now looking at how privacy protections such as those laid
out by the EU’s General Data Protection Regulation could help prevent, or
at least punish, such actions.
This controversy isn’t just about the capabilities of modern technology; it
touches on issues of privacy, ethics, politics, and partnerships for any
organization that collects data about its customers or employees. And the
end result could have financial, regulatory, and public relations
implications. Knowing how to lead an organization through such a
complicated scenario and the ensuing fallout demands much more than
technology chops. It requires a well-rounded set of skills; not the least
of which is the ability to quickly understand the impact of current events
and pivot accordingly.
How does this new cyber leader hone these skills? By being exposed to
disciplines that aren’t necessarily related to their area of expertise,
whether it’s IT, policy or psychology. This can be challenging -- law and
policy, human behavior, and technology are at times in conflict with one
another. In order to make sense of these colliding forces and to determine
the path forward, these new cyber leaders will have to develop effective
strategies that leverage and unite their organizations’ stakeholders in
technology, law, and policy.
With these skills, these leaders will be able to:
- Understand the security, human, and privacy implications of emerging
technologies, such as big data, cloud computing, mobile computing, social
networks, the Internet of Things, and blockchain
- Gain proficiency in identifying vulnerabilities, anticipating attacks,
using monitoring tools, and developing defensive strategies
- Build organizational resilience, crisis management, and response
capabilities
- Have the capacity to defend organizations against known threats while at
the same looking ahead to anticipate the threats of tomorrow
- Recognize that there’s no such thing as 100% security, and rely instead
on strategy as the best security
With this new, multidimensional approach to leadership, cybersecurity
professionals will be armed with the ability to set comprehensive security
strategies for their organizations. In this blog, we’ll examine the
challenges cyber leaders face and how possessing the right skill sets and
perspective can help them overcome today’s risks and face tomorrow’s
threats with confidence.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180327/2be33d70/attachment.html>
More information about the BreachExchange
mailing list