Too often we continue to see executives whose approach to cybersecurity - compliance rather than protection - is strikingly similar to that of the ill-advised business owner whose minimal fire protection is designed only to meet the building code.
It's clear that Kemba Walden, the nation's acting national cyber director, is committed to a fundamental change in our approach to cybersecurity - a focus on investments in tools and skills that provide protection, not mere compliance that allows executives to check a box.
In her keynote address at BlackHat 2023 in early August, Walden straightforwardly laid out the Biden Administration's vision of a National Cybersecurity Strategy, one based on the adoption of the right cybersecurity tools and the deployment of the best people.
Seasoned cybersecurity professionals recognize the challenge that Walden and her team are addressing.
There, the number and sophistication of threats from bad actors plainly are rising at the same time that the Securities and Exchange Commission is nearing release of a regulatory framework that will govern the industry's cybersecurity responsibilities.
In response to the growing threat, the Securities and Exchange Commission in 2022 proposed stronger rules on cybersecurity protection and on the process for reporting breaches.
The big players in the securities industry generally have strong cybersecurity teams.
While many suggested changes to improve the proposals - providing more time for companies to disclose a breach, for example - many opponents simply wrote off the improved cybersecurity rules as onerous, expensive and unneeded.
In the wealth-management sector - and, frankly, across the business world - decisions about investment in cybersecurity expertise and technology continue to be made by executives who don't have a deep understanding of cybersecurity issues.
At its heart, cybersecurity is simply a matter of managing and mitigating risk.
Cybersecurity experts themselves can deal with all those technical details that cause C-level executives to nod off during boardroom presentations.
Every executive understands how important it is for managers to mitigate business risk, and that's what cybersecurity leaders need to be talking about.
In order to truly optimize an organization's risk management, strategy and spending on cybersecurity should always be derived from the organization's risk profile.
One of the most important lessons that cybersecurity professionals can share with top managers is this: No system in the world is completely secure and safe from hacking.
Quick expulsion is possible only when cybersecurity professionals keep a constant eye on the system in real time, not when organizations rely on tools that produce a look-back report that covers the previous day, week, or month.
Sleepless nights will be even more common among cybersecurity professionals in heavily regulated industries such as financial services.
Leaders of the cybersecurity industry talked a lot about workforce development during BlackHat 2023, both in the formal presentations and in informal conversations over a cup of coffee.
Today, many worry that AI will dramatically reduce the need for human expertise in cybersecurity.
Cybersecurity professionals, too, will survive and thrive in the world of AI as they upgrade their skills and seek out new opportunities to put those skills to work.
Cybersecurity professionals who sharpen their skills in ways that allow them to provide risk analysis and risk mitigation to top leaders of organizations will continue to thrive.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Tue, 26 Dec 2023 06:13:05 +0000