Who is to blame for your organisation's current cyber security woes? It might be you.
Cyber security is decimating businesses globally. Cyber crime is syphoning off billions of Pounds, Euros, Yen and Dollars from their respective economies. Hackers and cyber criminals seem to be impervious to capture and prosecution. Who is to blame for all this?
‘Where there’s blame there’s a claim’ is a phrase that seems to have entered the public lexicon, enabling many to believe that failures in all forms are the fault of others. This includes cyber security. Many business leaders with overall responsibility for cyber security would like to find fault with the software vendors who provided their management information systems, ERP systems, or other major infrastructure elements that continually suffer from security compromises. The sad truth is, the person who is to blame for cyber security, if we need to point the finger, is not the vendors, not your IT team, not your external consultants, not the criminals, not even the current business climate. It’s you.
Let me quantify that a bit. If, over the last, let’s say, seven years, you have commissioned a major new IT project and IT security was not one of your top five requirements, then it is in fact your fault that you may now have holes in your IT infrastructure that would make even the finest Swiss cheese jealous. Irrespective of whether the project was a BYOD initiative or moving your backup system to the cloud, IT security needed to have been in the specification if today’s necessary retrospective actions were to be avoided.
The role of a board member with IT responsibility is to predict what is coming. They are to observe the changing trends in usage patterns, and to understand what technology and what threats may be just over the horizon that may have the ability to benefit, or compromise, the long-term growth and stability of their organisation. The role of their IT department is to keep the ‘today’ running and be in a position to adopt and support the future technology that is mandated.
I will admit that the threat of cyber security has caught many by surprise; however, that surprise has now dissipated over a good couple of years, with mitigation schemes such as Cyber Essentials available since 2014. As Bruce Schneier, the American cryptographer and computer security specialist, is quoted as saying, “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” To resolve the cyber security challenge in any organisation requires admission that this topic was overlooked and not appropriately considered alongside other benchmarks. Steps must now be taken in order to turn around the metaphorical supertanker of malaise on this subject and tackle it head on.
How are you going to do this? I don’t know, because I’m not a management consultant and I don’t know your business at all. The only suggestion I can give is to pass on words from the US corporate trainer, Jack Canfield. In his management book, “The Success Principles”, which is a set of rules for fostering business success, his first suggestion is to “Take 100% responsibility for your current circumstances”. In seven words, it’s the most compelling statement I know of to commence the change needed to move a company of any size into a more cyber aware future.
Don’t point the finger; in fact, ‘claim the blame’. Some humility goes a long way, as opposed to hostility against those that have provided you with technology in the past. The risks posed by cyber security will not go away, they will not fade away; it’s not a technological trend that will be superseded when the next ‘must have’ gadget comes to market. It is in fact a mindset that technology actually assists with implementing.
If you have the responsibility for IT then cyber security is in fact a new measurement that all future projects will have to meet and an opportunity to prevent any future rounds of ‘The Blame Game’.