In every war there are two sides, whether we are talking about military action, a football game, or the fight against cybercrime. What all these scenarios there have in common is there are some people on defense and those who are on the offensive side of the line. You are either the predator or the prey.
Since I am not writing for the Army generals or the New England Patriots, let’s talk about cyber attacks and which side you are on.
You are probably thinking I’m on the good side, the side that is defensively protecting my network, the side that is always under attack even though I never did anything to provoke it. And I’m here to say that might only be partially true.
If you are not fully committed to doing everything possible to stop the cyber attackers, you might actually be unwittingly helping the them more than you realize.
If you are not keeping your network secure, you are inviting hackers to use your network as a playground. A place where they can find vulnerabilities and practice exploiting them. A place where they can see what works and what doesn’t, what goes undetected and what gets noticed. If you are not creating secure websites and applications, you are giving the hackers more to learn from so they can then use it against other organizations.
Once inside your network you are also giving them a place from which they can launch their next attack. If the breach goes undetected in your network, which they most often do, they can launch an attack on someone else and make it appear to investigators that you are the perpetrator, not them. And if you are connected to another organization’s network you might have just opened the doors for the attacker to gain access to them as we saw happen with the Target breach.
The attackers are fully vested in finding new ways to attack and get what they want, and if you are not equally fully vested in a security program, you are letting them win without putting up much of a fight. Just as you wouldn’t expect the US military to show up without a battle plan or for your favorite football team to show up without a game plan, it makes as little sense for a company or organization to show up without a security plan solidly in place.
If you are the CEO of an organization, you are responsible for what happens under your care. That means you are responsible for security and any breach that might occur. I’m not saying you personally have to be the one to figure out how to protect your network and the data that has been entrusted to you. You don’t personally have to monitor the network and know exactly what is happening at all times, but what I am saying is that you are responsible for ensuring you have the right people to do this, that they have the resources they need, the best strategy, and that a culture of security is in place.
Stay tuned for the next three articles in this series that will discuss culture of security, ensuring you have a security strategy, and having the right security resources.
As a 12-year veteran of the information security and compliance space, I invite you to send me an email at sharon@c-suiteresults.com or reach out via LinkedIn https://www.linkedin.com/in/smithsharonj/ to ask any questions you might have on this topic or other security topics that might (or should!) be keeping you up at night.
Because you are responsible for the strategy and success of your organization you are losing sleep over the continual reports of security breaches, stolen data, and ransomware. It appears that no one is safe anymore.
But all the terminology and acronyms (i.e., cloud, IoT, BOD, APT, IAM, IDS, Pen Test, malware, ransomware, identity access management, patch management, change management...not to mention all the compliance regulations) is overwhelming. And that makes sense because security is not in your wheelhouse, but it’s in mine! And I can help you!
WHAT I DO
As a 12-year veteran of the information security, audit, and compliance industry, I understand the technology your organization works with and the challenges you face.
I translate cyber security into business terms for executives who want to implement security but don’t know how. I help create the proper internal messaging, education, and shape the organizational culture needed for sustainable success in security.
Too many people believe that security is an IT problem and and that simply throwing budget at the IT department equals security. Instead, I help you paint a full picture of your security posture, the risks associated with it, and the most effective strategy to help close the gaps.
Security is not insurance - it is force protection (think of the armed guards in front of a military base). Isn’t it time for you to put the proper protection in place for the long term health of your organization?
WHAT MAKES ME DIFFERENT
It is rare to find someone with a background that includes in-depth information security knowledge and hands-on experience who has a business degree, and is a Certified Coach. This mix of education and experience equips me to best serve you in creating a long term sustainable security culture.
NEXT STEPS
Email me at sharon@c-suiteresults.com or message me via LinkedIn https://www.linkedin.com/in/smithsharonj/|You are a successful CEO, passionate about the continued growth and health of your organization.
Because you are responsible for the strategy and success of your organization you are losing sleep over the continual reports of security breaches, stolen data, and ransomware. It appears that no one is safe anymore.
But all the terminology and acronyms (i.e., cloud, IoT, BOD, APT, IAM, IDS, Pen Test, malware, ransomware, identity access management, patch management, change management...not to mention all the compliance regulations) is overwhelming. And that makes sense because security is not in your wheelhouse, but it’s in mine! And I can help you!
WHAT I DO
As a 12-year veteran of the information security, audit, and compliance industry, I understand the technology your organization works with and the challenges you face.
I translate cyber security into business terms for executives who want to implement security but don’t know how. I help create the proper internal messaging, education, and shape the organizational culture needed for sustainable success in security.
Too many people believe that security is an IT problem and and that simply throwing budget at the IT department equals security. Instead, I help you paint a full picture of your security posture, the risks associated with it, and the most effective strategy to help close the gaps.
Security is not insurance - it is force protection (think of the armed guards in front of a military base). Isn’t it time for you to put the proper protection in place for the long term health of your organization?
WHAT MAKES ME DIFFERENT
It is rare to find someone with a background that includes in-depth information security knowledge and hands-on experience who has a business degree, and is a Certified Coach. This mix of education and experience equips me to best serve you in creating a long term sustainable security culture.
NEXT STEPS
Email me at sharon@c-suiteresults.com or message me via LinkedIn https://www.linkedin.com/in/smithsharonj/|You are a successful CEO, passionate about the continued growth and health of your organization.
Because you are responsible for the strategy and success of your organization you are losing sleep over the continual reports of security breaches, stolen data, and ransomware. It appears that no one is safe anymore.
But all the terminology and acronyms (i.e., cloud, IoT, BOD, APT, IAM, IDS, Pen Test, malware, ransomware, identity access management, patch management, change management...not to mention all the compliance regulations) is overwhelming. And that makes sense because security is not in your wheelhouse, but it’s in mine! And I can help you!
WHAT I DO
As a 12-year veteran of the information security, audit, and compliance industry, I understand the technology your organization works with and the challenges you face.
I translate cyber security into business terms for executives who want to implement security but don’t know how. I help create the proper internal messaging, education, and shape the organizational culture needed for sustainable success in security.
Too many people believe that security is an IT problem and and that simply throwing budget at the IT department equals security. Instead, I help you paint a full picture of your security posture, the risks associated with it, and the most effective strategy to help close the gaps.
Security is not insurance - it is force protection (think of the armed guards in front of a military base). Isn’t it time for you to put the proper protection in place for the long term health of your organization?
WHAT MAKES ME DIFFERENT
It is rare to find someone with a background that includes in-depth information security knowledge and hands-on experience who has a business degree, and is a Certified Coach. This mix of education and experience equips me to best serve you in creating a long term sustainable security culture.
NEXT STEPS
Email me at sharon@c-suiteresults.com or message me via LinkedIn https://www.linkedin.com/in/smithsharonj/
- Using the Golden Rule to be a Better Leader - July 2, 2018
- Arming the Cyber Defender – Your Employees - May 8, 2018
- The Secret to Hiring Cybersecurity Professionals - May 3, 2018