There is an elephant in the room. It has been there for a while and everyone knows it. It doesn’t seem interested in going away. We keep hoping it will. It is making messes no one wants to deal with.
The elephant has a name. The name is Cyber-Security.
It is clearly a big issue, so this is not a baby elephant. We will have to talk about it when a breach occurs (and it will). The problem with that approach is that when it happens, the focus becomes figuring out the technical aspects of how it happened, not what we should do holistically, beyond just the technology, to prevent it.
This is where another elephant issue comes into play. Remember the blind men who, never having come across an elephant before, learn and conceptualize what the elephant is like by touching it.
Each blind man feels a different part of the elephant’s body, but only one part, such as the side or the tusk. They then describe the elephant based on their partial experience, and their descriptions are in complete disagreement on what an elephant is. We have a tendency to project our partial experiences as the whole truth and ignore other people’s partial experiences. With every effort to optimize a part, we sub-optimize the whole.
As is usually the case, no one wants to talk about any of this.
How do we create a framework to discuss cyber-security and actually do something about it? What is the holistic approach so we see the whole elephant, not just a leg or trunk? Is it really all about technology? To be clear, it is not just about technology. This isn’t an issue for the CIO only.
There are a lot of companies selling and supporting the technology. It can be a big investment. Will it pay off?
In looking for partners to be of help, consider the holistic approach. If it isn’t being offered, look somewhere else (like Fortium Partners).
Strategy – Coming up with measurable cyber-security goals and strategies to achieve the goals isn’t easy. Perhaps that is why this is ignored. It is, however, foundational to our work with people, processes and technology.
People – The people issues are the messiest. It can be a swamp of the worst disorder. It starts with the C-Suite. How important is this relative to everything else on our plates? I imagine recently departed Equifax CEO Richard Smith may have a different perspective now than he did a few months ago.
How do we train employees to not click on phishing links? How do we ensure that technology engineers are applying software patches in a timely manner? What is the role of middle managers in all of this?
Process – What are the standard processes that all employees should be following? How do we ensure accountability? What should we measure and do we have dashboards to track it all?
Technology – What technology will support our strategy, people and processes? How much should we invest in all of this? Do we have the right staff involved?