Complete Cybersecurity Never a Slam Dunk

WHAT? The app and download I just bought from that online vendor won’t stop hackers? Bummer. Seems that cybersecurity is a very complicated and complex part of technology. Not just a quick fix. Firewalls and such are not the answer. With Equifax just being breached with a massive “hack,” this is a very topical article. Just ask a couple of CEOs sitting in front of Senate committees. Should have paid for the “premium package” for that app.
(Bill Taylor/CEO)

“Jamie holds a challenging, daunting position at her highly reputable organization. She’s in charge of cybersecurity. She drew the short straw, and now her board of directors — made up of investment bankers, former C-level executives and current leadership — has set an expectation that it won’t be the next company on the front page of the Wall Street Journal for having a major security breach.

“Are we secure?” the board members ask, expecting a confident response from Jamie. The answer to this looming question is never a straightforward “yes” or “no,” and Jamie knows this. But how does she communicate that to the board of directors? It’s complicated, complex, difficult to track, scary and expensive. This multifaceted problem can’t be solved by simply buying another security device. It takes a programmatic, trackable, risk-based approach. It takes time and perspective.

Like Jamie’s board of directors, stakeholders in most organizations want the peace of mind that comes with confidently knowing secure practices are in place. Unfortunately, most aren’t aware of all that is involved in getting there. Cybersecurity remains among the hottest points of contention when speaking to leadership, executives and corporate boards across the globe. The problem: What is needed for a company to be secure varies greatly, and no one seems to understand how to capture exactly what it is or how to manage it. Non-technical leadership is required to make business-sensitive, strategic decisions on cyber-centric matters, and often with a lack of knowledge of how to make such conclusions. Through client trials, industry perspective and a benchmark for what “good” looks like, I’m hoping to help simplify the equation, remove misconceptions and provide strategic guidance for building peace of mind at your organization.

Common Cybersecurity Misconceptions 

We find that many organizations believe cybersecurity is a device, such as a modern firewall. Perimeter defense, universally associated with a firewall, is of critical importance. While device-based solutions to cybersecurity management remain the most common misconception, we find many firms also have complementary programs that provide a false sense of security. Devices don’t prevent data breaches on their own — mature processes do.

A second misconception: Public companies must be compliant with the Sarbanes-Oxley Act to feel a sense of security in the cyber arena. SOX was designed to implement and test controls that are necessary to prevent a financial misstatement. Many controls critical to a mature cybersecurity program exist outside the scope of SOX…”

Full Story at Forbes.com