Centralized Visibility – Distributed Control: C- Suite leaders and a cyber resilient Ecosystem in critical business sectors

by | Jan 5, 2022 | Insights

Ever wonder how effective your cyber program is? You definitely should.

As senior leaders you have a fiduciary responsibility to manage risk but as leaders in the defense industrial base, state government, energy, critical manufacturing, financial services, healthcare, emergency operations, etc. you have a moral obligation to the communities you serve. This is one of those scenarios when the old “I’m here from the federal government and I’m here to help” should scare the hell out of you.

Why? There are a lot of you – CI sector orgs and state or local government – and not many of those feds. So if they are creating a policy, regulation, or adding a framework or, heaven forbid, giving you a call it is almost guaranteed to be too late for you to build cyber resiliency.

All the buzzwords, e.g., zero trust, SASE, XDR, MDR, DLP, aside, you need to know where you are (in terms of cyber posture), where you want to be (filtered through the lens of operational constraints and realism) and what critical things you need to go do in order to prevent what you can predict. This what I call a ‘sky blue’ observation though. We should all know that…right?

Getting to a decent state of maturity

Getting to a decent state of maturity with your Attack Surface Management, data protection, detection and response is laudable. If you make your decisions based on integrated risk management – that’s even better.

But your divisions? Subsidiaries? Sister agencies who can access your data? Service providers? Vendors?  

Odds are that they pose the big risk to your pristine and mature (ok – lets be honest more likely developing) cyber resilience program. They have tech sprawl (just like everyone), they have trouble retaining talent (again – like everyone) and their teams are overwhelmed.

The solution?

Big mandates? Long questionnaires? Massive penalties for SLA failure? No – it is 2022 and we have the ability to manage cyber posture – compliance, maturity and effectiveness. We can provide contextualized data to decision makers and connect the dots for cyber defenders so they can gain a competitive edge against the onslaught of threats. AND it is completely reasonable to ask for a level of visibility that gives you peace of mind and makes both your org and your ecosystem better equipped to meet your fiduciary AND moral obligations.

Call to action

Let’s stop sticking our heads in the sand or hiding behind procurement policy and SLAs. Ask for transparency and expect it.

Bottom line: We can do better, be better, and regain the competitive edge.

Share This