
The Wooden Match
dedicated to stealing your data and making you pay a ransom for the privilege to exist. There are countries with cyber armies in the tens of thousands that can see your vulnerabilities at the speed of light from half a world away. Even beginners have enough free tools and training at their disposal to become a threat in a matter of weeks. Each of these enemies is more dedicated to stealing data than our leaders are to protecting it.
It is understandable if you cringed at that last sentence; however, it is the second issue we are missing as leaders. The bad guys are far more committed to stealing organizations' data and encrypting their systems than leaders are to protecting them. This is not an issue of competence but one of time and culture. Cybercriminals have the luxury of being singularly focused on attacking. All of their research and development is aimed at breaking into systems and making money on data theft and encryption. Because of a lack of understanding about cybersecurity issues at the highest level of most organizations, the commitment to protection is nowhere near the commitment to invasion, handing the bad guys an enormous advantage.
The third issue is that there is a lack of written-down, understandable, and enforceable policies guiding our organizations through this crisis. Companies must have all aspects of their infrastructure and employee cyber hygiene under control, or there will be an attack. The visibility of organizational vulnerabilities is staggering and invisible. Any misstep can immediately be detected. The only way to counteract this is with written-down policies, procedures, and guidelines that are understood and followed by everyone. A framework like NIST 800-53 or ISO 27001 must be implemented and taught.
I understand that this is a massive undertaking for leadership. Other responsibilities take our time and attention. This problem must be solved by understanding, then delegating. A competent Chief Information Security Officer is a first step. However, leaders can delegate authority but not responsibility. The responsibility to keep data safe still falls on them. Every leader must understand who the enemy is, how they behave and why. They must push a leadership culture through a framework and be as committed to protecting their organizations as the bad guys are to attacking them.