What’s needed for strong cyber security? Good security policies, processes, and technology safeguards, of course, but highly-secure organizations also integrate security into their corporate culture — from new employees to the corner office. Since the proverbial buck stops at the CEO’s desk, cyber security-conscious and proactive CEOs are a security professional’s best friend.
In its recent research report, “Assessing Cyber Supply Chain Vulnerabilities Within The US Critical Infrastructure” (Note: The report is available for download at www.enterprisestrategygroup.com), ESG Research asked security professionals working at critical infrastructure organizations (i.e., electric power, financial services, health care, etc.) to respond to the following question: “How would you rate your organization’s management team on its willingness to invest in and support cyber security initiatives?” The responses were as follows:
Obviously, executives need to sort through a maze of costs and spend shareholder dollars judiciously. Furthermore, security professionals are paid to be paranoid and will usually want more funding. That said, nearly one-fourth of respondents rated executive management support for cyber security as “fair” or “poor.” Remember too that we are talking about critical infrastructure here — our money, our power, our food, our health care, etc. Yikes! Even more frightening, 38% of survey respondents working at telecommunications companies rated their executive management’s support for cyber security initiatives as “fair” or “poor.” If your cell phone stops working soon, don’t be surprised.
I believe there are several problems here:
It’s time to address these issues. Business managers must realize that automation, digitization, and new applications come with a cyber security cost — period. Security professionals need better communication skills and tools to translate nerdy technospeak into more pedestrian language. Legislators need carrots and sticks to entice technically-challenged 60-year-old CEOs to invest in cyber security. It’s that simple. Either we do these things or we wake up one day to darkness. It is our choice.