Centralized Visibility – Distributed Control: C-Suite leaders and a cyber resilient Ecosystem in critical business sectors

by | Jan 5, 2022 | Insights

Ever wonder how effective your cyber program is? You definitely should.

As senior leaders, you have a fiduciary responsibility to manage risk, but as leaders in the defense industrial base, state government, energy, critical manufacturing, financial services, healthcare, emergency operations, etc., you have a moral obligation to the communities you serve. This is one of those scenarios when the old “I’m here from the federal government and I’m here to help” should scare the hell out of you.

Why? There are a lot of you – CI sector orgs and state or local government – and not many of those feds. So if they are creating a policy or regulation, adding a framework or, heaven forbid, giving you a call, it is almost guaranteed to be too late for you to build cyber resiliency.

All the buzzwords (e.g., zero trust, SASE, XDR, MDR, DLP) aside, you need to know where you are (in terms of cyber posture), where you want to be (filtered through the lens of operational constraints and realism) and what critical things you need to go do in order to prevent what you can predict. This is what I call a ‘sky blue’ observation though. We should all know that…right?

Getting to a decent state of maturity

Getting to a decent state of maturity with your Attack Surface Management, data protection, detection and response is laudable. If you make your decisions based on integrated risk management – that’s even better.

But your divisions? Subsidiaries? Sister agencies who can access your data? Service providers? Vendors?  

Odds are that they pose the big risk to your pristine and mature (ok – let’s be honest, more likely developing) cyber resilience program. They have tech sprawl (just like everyone), they have trouble retaining talent (again – like everyone) and their teams are overwhelmed.

The solution?

Big mandates? Long questionnaires? Massive penalties for SLA failure? No – it is 2022 and we have the ability to manage cyber posture – compliance, maturity and effectiveness. We can provide contextualized data to decision makers and connect the dots for cyber defenders so they can gain a competitive edge against the onslaught of threats. AND it is completely reasonable to ask for a level of visibility that gives you peace of mind and makes both your org and your ecosystem better equipped to meet your fiduciary AND moral obligations.

Call to action

Let’s stop sticking our heads in the sand or hiding behind procurement policy and SLAs. Ask for transparency and expect it.

Bottom line: We can do better, be better, and regain the competitive edge.
