“Technology… is a queer thing; it brings great gifts with one hand and it stabs you in the back with the other”, said Charles Percy Snow. We stand testimony to this profound statement. Cyber security, or the lack of it, exemplifies this harsh reality. In the thick of things, Chief Information Security Officers (CISOs) have to deliver IT security in business entities and also in government organisations. Herein fits the question: Cyber Security in Crisis: Can CISOs salvage it?
Is cyber security an independent domain, or is it completely intertwined with business risk? The present functioning of the IT industry treats cyber security as an independent entity, whereas immense data and reality prove the contrary. This realisation has still to be ingrained in the company’s DNA. Security is not an integral part of business strategic planning, and cyber security risk is still to be factored into firm valuation.
In this extremely paradoxical scenario, the CISO bears the brunt, for which he might not be fully prepared or of which he might not have full knowledge. Quick-fix solutions then can be the only answer, as is the case all over. The quick fix comes unstuck at the drop of a hat, and we find the IT security establishment gaping in bewilderment.
The CISO’s job description, status and capability to influence the company’s decision making and organise requisite funds are in question. Is he aware of the systems end to end? How much can he influence the functioning of the company to align its security with present-day requirements, which are humongous? *As hacks are the accepted New Normal, has he been able to make IT systems and services resilient?*
Moving forward, management buy-in is the key. The CISO alone cannot deliver. A product is not a solution; a solution is not a product. Over to the next level.
PRESENT CYBER SECURITY CHALLENGES DICTATE MANAGEMENT BUY IN. BUY IN OR PERISH.