We have been following the same cybersecurity approach, more or less, for over a decade. Yet, most everyone agrees that the problem continues to grow worse. Perhaps we are not on the right course. Maybe we are operating on false assumptions. The following list (to be continued in next month’s column) is meant to promote a dialogue about what, in my view, are widely held cybersecurity myths.
According to frequent headlines in the press, cybersecurity is an issue that has seized the attention of corporate boards and the executives who report to them. The reality is probably more nuanced. Although the largest companies in some sectors are engaged in extensive risk management efforts, the broader business community in the middle market remains at best uneven in its response, says Matthew F. Prewitt, partner with law firm Schiff Hardin in Chicago, chair of Schiff Hardin’s data security and privacy team and co-chair of the trade secrets and employee mobility team.
Ask most corporate executives to define cybersecurity and their initial thoughts turn to data privacy. That’s for good reason. Companies are bleeding corporate trade secrets and personally identifiable information at such an alarming rate that confidentiality issues and related compliance concerns can’t help but dominate the cybersecurity agenda. Yet, ask cybersecurity professionals what keeps them up at night, and the topic invariably turns to data deletion, tampering with control systems, and the potential to cause physical harm over the Internet. These concerns fall into categories that are distinct from protecting data confidentiality. Instead, they demonstrate the importance of maintaining an enterprise focus on the integrity and availability of your company’s most essential data, systems and services.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?