Note: This is the first in a series on Culture, Infinite Mindset and the role Cybersecurity plays in it all
Reading this from one’s office, wherever that may be, is a luxury missed by one former CEO. He is not welcomed at his office any longer. He’s has been forced to resign in disgrace and subject to civil liability, growing legal bills and a family not understanding what went wrong.
Misunderstanding the role of the CEO to be one to solely drive profit and investor return, former CEO, Jacob, missed the modernized role of thought leader and visionary. One in charge of the organization’s “culture” which, as used here, simply means the baseline understanding, morale, training and policies in place at every level of an organization.
His career and the company he loved, now stand as a mere shell of their former existence.
CULTURE AND CYBERSECURITY
For decades, the idea of culture was something he thought meant bean bags, free meal plans (“open plan”) and ping pong tables, especially when trying to appease younger generations. IT security and the risk of a data breach was solely a worry of the IT department. If something went wrong, fire the IT team or its leaders or cancel the contract with the third-party contract services provider. Simple.
But those days are gone. They’ve been gone for a while, yet we still come across CEO’s like Jacob who fail to understand: IT security and a data breach are the responsibility of the C-suite. The C-suite members are now held accountable. They risk, very realistically, being replaced, voluntarily or involuntarily, after a security data breach.
A data breach involves the loss of everything that matters. Everything that makes your organization unique (differing value proposition, intellectual property, customer lists, etc) is at risk of being taken. In fact, the odds more likely than not that you will be targeted.
The cyber criminals today are not some kid in a hoody up all night drafting code in mom’s basement. It’s a sophisticated organization, albeit illegitimate, involving layers of people that each gets paid along the way. They all have one goal: your data. They expose it for notoriety, greed or political purposes. Sometimes simply to show one thing: that they have the power to do so.
Era of Accountability
There are hundreds of examples of small and mid-sized organizations who leadership has been forced to resign or outright terminated following a breach. The reasons are simple. It’s essentially a breach of your fiduciary duty as a leader to expose personal and private data to untrusted and unknown parties.
A data breach attacks and takes the very heart of an organization and gives it to the enemy. If it’s private, personal information, then the enemy is public exposure. If it’s financial data, the enemies are non-fiduciaries, meaning those who have not knowingly been entrusted to care for that financial data. At the end of the day, nobody wants to do business with any organization that will hurt them. In this sense, the injury comes from data breach.
In addition to the hundreds of examples of C-suite members losing their positions from data breaches at small and mid-sized organizations, there are the more obvious larger breaches that garner much of the news cycle. The Target breach caused the CEO to resign following the publicized exposure of 110 million customer records which were compromised. This, to date, is the largest breach of payment card data. That’s today, though.
The first step in cyber security defense is admitting you have a problem. Trust us we all do.
A data breach can have devastating and crippling effects to your operations and a breach affects every layer from top to bottom. The risks come from daily attacks involving non-technical criminals who push out malicious malware, from ransomware (which encrypts your data and blocks you from accessing it, shutting down your device and network until you pay a ransom by a date certain) to remote access trojans (which take control of your device and network, extracting data, uploading it) causing data to be disseminated publicly.
Impact of a Cyber Attack
The statistics are overwhelming and exacerbate daily. Not only are U.S. organizations targeted daily but the perception that most leaders have is misaligned. Cybersecurity is really not an IT-issue.
Rather it’s an issue owned by everyone at the organization, since Cybersecurity goes to the very heart of the organization’s brand. So too, the culture must adapt to embrace Cybersecurity as part of the daily routines addressed by everyone. Ownership falls on leadership to drive this cultural shift.
Because cybersecurity is intertwined with an organization’s culture, the way it is approached and the attention it’s given matters. It goes to the heart of the organization’s brand and therefore must be given the attention the brand is given. It’s interwoven into the fabric of the brand. The lack of thinking properly about it can destroy the very brand it’s supposed to protect.
Part 2 addresses Why Cybersecurity matters and then moves to illustrated the role of Infinite versus Finite planning and strategy.
For more info:
Cybersecurity Services, Enterprise Helpdesk, Network and Onsite IT Support
David Mauro, Managing Director, All Covered