{"id":22682,"date":"2021-03-15T10:59:02","date_gmt":"2021-03-15T10:59:02","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/cyber-security-operational-illusion\/"},"modified":"2023-08-30T11:48:57","modified_gmt":"2023-08-30T11:48:57","slug":"cyber-security-operational-illusion","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/cyber-security-operational-illusion\/","title":{"rendered":"Cyber Security: The Operational Illusion"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"22682\" class=\"elementor elementor-22682\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-c563147 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c563147\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5ef6ab8\" data-id=\"5ef6ab8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2b82378 elementor-widget elementor-widget-heading\" data-id=\"2b82378\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Security culture and governance eat tech for breakfast<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a0236d elementor-widget elementor-widget-text-editor\" data-id=\"8a0236d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Looking back at what happened at ground level throughout the COVID crisis, it is clear that the focus has been entirely on operational matters: From moving into remote working at scale for the services industry, to keeping supply chains working for the manufacturing sector, or many retail firms having to re-invent themselves as digital businesses, literally within weeks. It has all been about keeping the lights on, understandably.<\/p>\n<p>Tech and cyber security have been \u2013 and still are \u2013 at the heart of all this, and, as we wrote back in&nbsp;<a href=\"https:\/\/corixpartners.com\/covid19-cyber-security-new-normal\/\" target=\"_blank\" rel=\"noreferrer noopener\">April 2020<\/a>, it is hard not to see those sectors coming out as winners once the dust has settled over the pandemic.<\/p>\n<p>But for now, the focus has been entirely tactical; nobody can see beyond the short term, and it is likely to remain the case for the best part of 2021. 
This is hard to criticize as a business approach given the scale and depth of the crisis, but in many firms, when it comes to cyber security, it is simply perpetuating and aggravating an endemic tendency, which over the past&nbsp;<a href=\"https:\/\/corixpartners.com\/cybersecurity-look-across-two-decades\/\" target=\"_blank\" rel=\"noreferrer noopener\">10 years<\/a>, has kept CISOs trapped in endless&nbsp;<a href=\"https:\/\/corixpartners.com\/ciso-tactical-trap\/\" target=\"_blank\" rel=\"noreferrer noopener\">firefighting<\/a>, has prevented them from developing in terms of leadership and management skills, and has not brought forward the necessary maturity changes around security in terms of governance, organization and culture.<\/p>\n<p>This will be a serious problem in many firms which would have been locked for years in slow-moving and expensive security programmes, and now need to transform their security practices at pace as cyber security has become a pillar of their \u201cnew normal\u201d.<\/p>\n<p>It is an illusion to think that all the tactical and operational focus which has been prevailing around cyber security since the start of the pandemic is transformative.<\/p>\n<p>It might be counter-intuitive but moving past this operational&nbsp;<a href=\"https:\/\/corixpartners.com\/cyber-security-post-covid\/\" target=\"_blank\" rel=\"noreferrer noopener\">obsession<\/a>&nbsp;with cyber security is key, as we look ahead, to unlock long-term transformational dynamics.<\/p>\n<p>The idea that the consistent protection of the business from cyber threats can result entirely and purely from the implementation of technical tools \u2013 or ad-hoc pen tests for that matter \u2026&nbsp; \u2013 is fundamentally flawed, in the absence of a coherent overarching vision.<\/p>\n<p>Tactical knee-jerk reactions simply add layer upon layer of technical legacy. 
Over time, the poor delivery of poorly selected tools breeds distrust with senior management, who can\u2019t help but see that breaches continue to happen in spite of the millions spent. The inefficient reverse-engineering of security processes around the capabilities of the tools leads to escalating operational costs, staff shortages and&nbsp;<a href=\"https:\/\/corixpartners.com\/real-life-take-cyber-security-skills-gap-new-narrative\/\" target=\"_blank\" rel=\"noreferrer noopener\">apparent<\/a>&nbsp;skills gaps. CISOs feel&nbsp;<a href=\"https:\/\/corixpartners.com\/cyber-security-culture-alienation\/\" target=\"_blank\" rel=\"noreferrer noopener\">alienated<\/a>&nbsp;and leave. All this builds a narrative by which security becomes a cost and a problem, and over time nobody wins.<\/p>\n<p>Throwing money at the problem \u2013 for the industries where that is still an option in the midst of the COVID crisis \u2013 is not the answer for firms where security maturity has stagnated as a result of decades of under-investment and adverse prioritisation by the business.<\/p>\n<p>More than ever, now is the time to think in terms of People first, then Process, THEN Technology, if the objective is to build a lasting&nbsp;<a href=\"https:\/\/corixpartners.com\/cyber-security-build-transformational-dynamic\/\" target=\"_blank\" rel=\"noreferrer noopener\">transformational<\/a>&nbsp;dynamic around cyber security.<\/p>\n<p>It is a vision that has to come from the top and be relayed across all the silos of the enterprise. Cyber security cannot be seen as the <a href=\"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/big-data-evolution-cio-role\/\" target=\"_blank\" rel=\"noreferrer noopener\">responsibility of the CIO<\/a> or the CISO. 
It needs to be visible and credible as part of a coherent business\u00a0<a href=\"https:\/\/hbr.org\/2019\/09\/put-purpose-at-the-core-of-your-strategy\" target=\"_blank\" rel=\"noreferrer noopener\">purpose<\/a>, communicated coherently to the staff by senior management, and relayed \u2013 and enforced \u2013 by a proper\u00a0<a href=\"https:\/\/corixpartners.com\/good-security-governance-consultant-jargon\/\" target=\"_blank\" rel=\"noreferrer noopener\">governance<\/a>\u00a0framework.<\/p>\n<p>It is the embedding of security values in corporate culture and corporate governance that should drive the transformative efforts around cyber security and will lead ultimately to effective&nbsp;<a href=\"https:\/\/corixpartners.com\/what-cyber-resilience-is-not-about\/\" target=\"_blank\" rel=\"noreferrer noopener\">cyber resilience<\/a>.<\/p>\n<p>This is certainly harder to put in place than buying more tech or doing one more pen test, but it is the key to long term transformative success around cyber security, in particular as younger generations become more and more sensitive to clarity of&nbsp;<a href=\"https:\/\/www.mckinsey.com\/business-functions\/organization\/our-insights\/purpose-not-platitudes-a-personal-challenge-for-top-executives\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"broken_link\">purpose<\/a>&nbsp;and positive business values.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>It is the embedding of security values in corporate culture and corporate governance that should drive the transformative efforts around cyber security and will lead ultimately to effective cyber 
resilience.<\/p>\n","protected":false},"author":529,"featured_media":18926,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[878,943,1412,462],"ppma_author":[3178],"class_list":["post-22682","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-cio","tag-ciso","tag-cyber-resilience","tag-cyber-security"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0<a href=\"https:\/\/www.stratasecurity.co.uk\/\">Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0<a href=\"https:\/\/www.telecom-paristech.org\/\">Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201c<a href=\"http:\/\/www.blurb.co.uk\/b\/9015902-cyber-security-the-lost-decade-2018-edition\" target=\"_blank\" rel=\"noopener\">Cyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d. He contributes regularly to\u00a0<a href=\"http:\/\/www.thedigitaltransformationpeople.com\/authors\/jc-gaillard\">The Digital Transformation People<\/a>,\u00a0<a href=\"http:\/\/www.business2community.com\/author\/jc-gaillard\">Business 2 Community<\/a>, and\u00a0<a href=\"https:\/\/www.iotforall.com\/\">IoTforAll<\/a>\u00a0platforms, as well as the\u00a0<a href=\"https:\/\/www.thebtn.tv\/\">Business Transformation Network<\/a>. 
He is an expert contributor on the\u00a0<a href=\"https:\/\/ciowatercooler.co.uk\/members\/jean-christophe-gaillard\/activity\/\">CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0<a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/bridging-gap-security-it-operations\/\">InfoSecurity<\/a>\u00a0Magazine, \u00a0<a href=\"http:\/\/www.computing.co.uk\/ctg\/opinion\/2396800\/how-to-achieve-effective-cyber-security-in-a-hyperconnected-world\">Computing<\/a>, the C-Suite.co.uk,\u00a0<a href=\"http:\/\/www.informationsecuritybuzz.com\/?s=gaillard\">Info Sec Buzz<\/a>\u00a0and the\u00a0<a href=\"http:\/\/www.director.co.uk\/blog-cyber-insurance-what-do-you-think-youre-buying-20323\/\">IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=22682"}],"version-history":[{"count":4,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22682\/revisions"}],"predecessor-version":[{"id":31925,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22682\/revisions\/31925"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/18926"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=22682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=22682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=22682"},{"taxonomy":"author","embeddable":true,"
href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=22682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}