Centralized Visibility – Distributed Control: C-Suite leaders and a cyber resilient ecosystem in critical business sectors
Ever wonder how effective your cyber program is? You definitely should.
As senior leaders, you have a fiduciary responsibility to manage risk, but as leaders in the defense industrial base, state government, energy, critical manufacturing, financial services, healthcare, emergency operations, etc., you have a moral obligation to the communities you serve. This is one of those scenarios where the old “I’m here from the federal government and I’m here to help” should scare the hell out of you.
Why? There are a lot of you – CI sector orgs and state or local government – and not many of those feds. So if they are creating a policy, regulation, or adding a framework or, heaven forbid, giving you a call, it is almost guaranteed to be too late for you to build cyber resiliency.
All the buzzwords (e.g., zero trust, SASE, XDR, MDR, DLP) aside, you need to know where you are (in terms of cyber posture), where you want to be (filtered through the lens of operational constraints and realism) and what critical things you need to do in order to prevent what you can predict. This is what I call a ‘sky blue’ observation, though. We should all know that…right?
Getting to a decent state of maturity
Getting to a decent state of maturity with your Attack Surface Management, data protection, detection and response is laudable. If you make your decisions based on integrated risk management – that’s even better.
But your divisions? Subsidiaries? Sister agencies who can access your data? Service providers? Vendors?
Odds are that they pose the big risk to your pristine and mature (ok – let’s be honest, more likely developing) cyber resilience program. They have tech sprawl (just like everyone), they have trouble retaining talent (again – like everyone) and their teams are overwhelmed.
Big mandates? Long questionnaires? Massive penalties for SLA failure? No – it is 2022 and we have the ability to manage cyber posture – compliance, maturity and effectiveness. We can provide contextualized data to decision makers and connect the dots for cyber defenders so they can gain a competitive edge against the onslaught of threats. AND it is completely reasonable to ask for a level of visibility that gives you peace of mind and makes both your org and your ecosystem better equipped to meet your fiduciary AND moral obligations.
Call to action
Let’s stop sticking our heads in the sand or hiding behind procurement policy and SLAs. Ask for transparency and expect it.
Bottom line: We can do better, be better, and regain the competitive edge.