Centralized Visibility – Distributed Control: C- Suite leaders and a cyber resilient ecosystem in critical business sectors
Ever wonder how effective your cyber program is? You definitely should.
As senior leaders, you have a fiduciary responsibility to manage risk, but as leaders in the defense industrial base, state government, energy, critical manufacturing, financial services, healthcare, emergency operations, etc. you have a moral obligation to the communities you serve. This is one of those scenarios when the old “I’m here from the federal government and I’m here to help” should scare the hell out of you.
Why? There are a lot of you – CI sector orgs and state or local government – and not many of those feds. So if they are creating a policy, regulation, or adding a framework or, heaven forbid, giving you a call, it is almost guaranteed to be too late for you to build cyber resiliency.
All the buzzwords, e.g., zero trust, SASE, XDR, MDR, DLP, aside, you need to know where you are (in terms of cyber posture), where you want to be (filtered through the lens of operational constraints and realism) and what critical things you need to go do in order to prevent what you can predict. This what I call a ‘sky blue’ observation though. We should all know that…right?
Getting to a decent state of maturity
Getting to a decent state of maturity with your Attack Surface Management, data protection, detection and response is laudable. If you make your decisions based on integrated risk management – that’s even better.
But your divisions? Subsidiaries? Sister agencies who can access your data? Service providers? Vendors?
Odds are that they pose the big risk to your pristine and mature (ok – let’s be honest, more likely developing) cyber resilience program. They have tech sprawl (just like everyone), they have trouble retaining talent (again – like everyone) and their teams are overwhelmed.
Big mandates? Long questionnaires? Massive penalties for SLA failure? No – it is 2022 and we have the ability to manage cyber posture – compliance, maturity and effectiveness. We can provide contextualized data to decision makers and connect the dots for cyber defenders so they can gain a competitive edge against the onslaught of threats. AND it is completely reasonable to ask for a level of visibility that gives you peace of mind and makes both your org and your ecosystem better equipped to meet your fiduciary AND moral obligations.
Call to action
Let’s stop sticking our heads in the sand or hiding behind procurement policy and SLAs. Ask for transparency and expect it.
Bottom line: We can do better, be better, and regain the competitive edge.
How do you come to “know yourself?” For over two thousand years, texts like Sun Tzu’s Art of War have expressed the value of this exercise in battle, in life, and in business. In episode 3 of “All the War They Want,” Jeff Engle and Carmen...
What does a hacker look like today? How do they operate, and how can businesses protect themselves against unknown cyber threats? In the second episode of our new podcast “All the War They Want,” GRC Consultant Bradley Barnes joins Carmen Brooks and Jeff...
Knowing the Environment – Challenges and solutions around protecting what is important to you and your business
How do small businesses defend against cyberattacks? How do they prioritize teams and resources to achieve “cyber resiliency”? Is compliance alone enough to stay safe? In this episode of All the War They Want, Liz Nurse joins Carmen Brooks and Jeff Engle...