
The Changing Cybersecurity Landscape

First of a Four-Part Series for National Cyber Security Awareness Month

By Dusty Wince
October 8, 2014

October marks the 11th Annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security (DHS). It is designed to engage, educate and bring awareness to the important issue of – and as DHS so eloquently puts it, “no country, industry, community, or individual is immune to” – cyber risks. The launch of Cyber Security Awareness Month led me to reflect on the cyber market and how it has completely, and significantly, changed over the last decade-plus.

As a company, Knowledge Consulting Group (KCG) is approaching our fifteenth year as a cyber services provider and we have seen firsthand the changing dynamics. In conjunction with Cyber Security Awareness Month, we wanted to share how cyber has evolved, looking at the market from different perspectives over the next four weeks. Here are two major changes that have impacted the market from my point of view:

Elevation of the Cyber Responsibility

From an executive-level perspective, the greatest shift in cybersecurity relates to focus and responsibility – moving from strictly an “IT issue” to a business function. Look no further than the Target breach and the subsequent resignations of the company’s CEO and CIO to see how cybersecurity has escalated to the C-suite. This was unprecedented 15 years ago, when the primary cybersecurity role of IT was information assurance. So why has the philosophy changed?

The clear answer is the financial impact that a breach can have on an organization. Cybersecurity programs have transitioned from a “nice to have” to a full-blown differentiator for an organization. It is being recognized as a key investment needed to protect not only information and assets, but reputation and shareholder value. And it has to be a clear priority all the way up to the top of the org chart.

In some respects, the government market has been ahead of the commercial space in identifying the need and role for the C-level in cybersecurity. The Federal Information Security Management Act of 2002 (FISMA) pushed forward the concept of the Chief Information Security Officer (CISO), a new executive focused 100 percent on security. FISMA defined the role of the CISO, and the government elevated its attention to cybersecurity. So why did the commercial market not follow?

Simply because they didn’t have to. There was no overarching guidance or regulation that drove compliance. Sure, individual market segments adopted their own governance models – PCI for credit card transactions, HIPAA for healthcare, ISO for international IT standards – but there were no consistent standards set in place market-wide to direct executive-level buy-in. Instead, organizations based their security programs on how risk averse they were. That approach has clearly changed, and will only continue to be a focus at the highest levels of an organization.

Full Lifecycle Cybersecurity

The second major trend we have seen unfold is the movement away from a compliance-based approach to cybersecurity to a more full lifecycle implementation model. IT departments used to view security as a means of checking boxes – is our anti-virus software current...check; did we run our weekly patch program...check; did we adhere to whatever regulations govern our industry (HIPAA, FISMA, PCI, ISO, etc.)...check. As the threat landscape evolved, attacks became more prevalent and the bottom line started to become affected – the Ponemon Institute estimates cyber attacks cost an average of $1 million to resolve – and, as a result, organizations began taking a holistic view.

Organizations were now forced to consider risk and security together, taking a more strategic look into their enterprise. This included instituting more formal approaches for assessing, planning, building and executing effective cybersecurity programs. It is now about building, maturing and enhancing cybersecurity programs, focusing on the full lifecycle – risk management, governance, security operations and, of course, compliance. This holistic approach means that organizations are now looking at each of these components individually, as well as part of an overall strategy, including:

  • Risk Management: Identifying weaknesses and key risk indicators while aligning with business objectives is critical. Organizations need to implement plans that address cyber risks, security assessment and authorization, continuous monitoring, third-party risk management, business continuity and contingency planning to help mitigate risk.
  • Governance: Organizations must clearly define a governance structure, layers of authority and well-defined and communicated policies and procedures. A holistic understanding of key people, processes and technologies is needed to develop a program that aligns to the organization’s culture.
  • Security Operations: Organizations must understand and mitigate the vulnerabilities that adversaries may exploit, including reducing the risk and damage profile of an attack. They must develop, implement and maintain methodologies, technologies and processes to defend against and respond to a constantly changing threat environment.
  • Compliance: Organizations must also define and implement processes, policies and technologies that comply with regulations, assist with audit preparation and meet industry standards.

The cyber world has a dramatically different look during this year’s Cyber Security Awareness Month than it did when DHS kick-started the initiative 11 years ago. We hope that this article series will provide a look back at that change from varying viewpoints as we move ahead with what is sure to be another evolutionary time in cybersecurity.


Dusty Wince is the Founder and Chief Executive Officer for the Knowledge Consulting Group (KCG).

Copyright ©2025. All Rights Reserved BNP Media.
