Centralized Visibility – Distributed Control: C-Suite leaders and a cyber resilient ecosystem in critical business sectors
Ever wonder how effective your cyber program is? You definitely should.
As senior leaders, you have a fiduciary responsibility to manage risk, but as leaders in the defense industrial base, state government, energy, critical manufacturing, financial services, healthcare, emergency operations, etc., you have a moral obligation to the communities you serve. This is one of those scenarios when the old “I’m here from the federal government and I’m here to help” should scare the hell out of you.
Why? There are a lot of you – CI sector orgs and state or local government – and not many of those feds. So if they are creating a policy or regulation, adding a framework or, heaven forbid, giving you a call, it is almost guaranteed to be too late for you to build cyber resiliency.
All the buzzwords, e.g., zero trust, SASE, XDR, MDR, DLP, aside, you need to know where you are (in terms of cyber posture), where you want to be (filtered through the lens of operational constraints and realism) and what critical things you need to go do in order to prevent what you can predict. This is what I call a ‘sky blue’ observation though. We should all know that…right?
Getting to a decent state of maturity
Getting to a decent state of maturity with your Attack Surface Management, data protection, detection and response is laudable. If you make your decisions based on integrated risk management – that’s even better.
But your divisions? Subsidiaries? Sister agencies who can access your data? Service providers? Vendors?
Odds are that they pose the big risk to your pristine and mature (ok – let’s be honest, more likely developing) cyber resilience program. They have tech sprawl (just like everyone), they have trouble retaining talent (again – like everyone) and their teams are overwhelmed.
Big mandates? Long questionnaires? Massive penalties for SLA failure? No – it is 2022 and we have the ability to manage cyber posture – compliance, maturity and effectiveness. We can provide contextualized data to decision makers and connect the dots for cyber defenders so they can gain a competitive edge against the onslaught of threats. AND it is completely reasonable to ask for a level of visibility that gives you peace of mind and makes both your org and your ecosystem better equipped to meet your fiduciary AND moral obligations.
Call to action
Let’s stop sticking our heads in the sand or hiding behind procurement policy and SLAs. Ask for transparency and expect it.
Bottom line: We can do better, be better, and regain the competitive edge.