Many high-profile cybersecurity breaches occur when hackers target an organization's weakest link: it's people.
Over-reliance on technology and failure to apply the human factor can leave& companies exposed to attacks, leading to the loss of valuable intellectual property, reputation, and revenue. From the IT trenches to the C-suite, the right people must be organized in the right ways to make security programs work. Three key areas that deserve the board's and CEO's attention are:
Expertise and Staffing
Accept that you will be compromised. A "win" in today's cyber-threat environment is defined by how quickly and effectively your company is able to respond to hackers and extricate them from your systems. It requires a significant level of manpower and expertise on a daily basis, but there is no substitute for it today. A properly organized and staffed security team requires people with a variety of skills and certifications to deploy the technologies, understand the threats, determine hacker motives, fix vulnerabilities, and deflect attacks. Security leaders need the management skills to put the right processes and procedures in place, advocate for security requirements, and communicate risk to corporate leaders. Defensive technologies cannot be used to full advantage without highly skilled people who can turn the data into actionable intelligence.
Leadership and Accountability
Communicating cyber- security priorities is no longer just an IT job. It requires a tone at the top. Those of us leading the company must ensure that employees appreciate the cybersecurity risks, understand the risk tolerance, and support agreed-upon mitigation strategies. Business enablement often trumps security in the interest of going to market quickly, and only business leaders can ensure that checks and balances are in place to hold management and employees accountable.