{"id":2327,"date":"2020-03-19T03:06:58","date_gmt":"2020-03-19T00:06:58","guid":{"rendered":"http:\/\/kusuaks7\/?p=1932"},"modified":"2023-12-27T02:59:03","modified_gmt":"2023-12-27T02:59:03","slug":"the-real-leadership-challenges-around-cyber-security","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/iot\/the-real-leadership-challenges-around-cyber-security\/","title":{"rendered":"The Real Leadership Challenges around Cyber Security"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2327\" class=\"elementor elementor-2327\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-4b39c764 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4b39c764\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c2f0d57\" data-id=\"c2f0d57\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-5c16688 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5c16688\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9c2e45c\" data-id=\"9c2e45c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap 
elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-33c84de elementor-widget elementor-widget-heading\" data-id=\"33c84de\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3 style=\"color: #aaa;font-style: italic\">The security industry needs to pivot away from \u201ctalking about things\u201d onto \u201cgetting things done\u201d<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77afd69 elementor-widget elementor-widget-text-editor\" data-id=\"77afd69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe World Economic Forum\u2019s \u201c<a href=\"https:\/\/www.weforum.org\/reports\/the-cybersecurity-guide-for-leaders-in-today-s-digital-world\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"broken_link\"><strong>Cyber Security Guide for Leaders in Today\u2019s Digital World<\/strong><\/a>\u201d (WEF \u2013 October 2019) makes interesting reading, but frankly does it move the needle?\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2d4871d elementor-widget elementor-widget-text-editor\" data-id=\"2d4871d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nIt does provide a solid and up to date summary on cyber security good practices and rightly puts a strong emphasis on the cultural aspects and the importance of trust.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb99eda elementor-widget elementor-widget-text-editor\" data-id=\"fb99eda\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIt acknowledges the execution failure around cyber security (<em>\u201ccurrent approaches make it difficult to implement comprehensive best practices across the full extent of the digital and operating environments in organizations\u201d<\/em>) which is at the heart of what we have been calling the \u201c<a href=\"https:\/\/www.blurb.co.uk\/b\/9666102-cyber-security-the-lost-decade-2019-edition\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">lost decade<\/a>\u201d, as well as the product\u00a0<a href=\"https:\/\/corixpartners.com\/security-products-vendors-proliferation\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">proliferation<\/a>\u00a0problem which is plaguing the industry as a whole \u2013 and the lives of many CISOs and their teams (\u201c<em>although organizations have many tools in place (\u2026), the tools often cannot be used in concert<\/em>\u201d).\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bb4890d elementor-widget elementor-widget-text-editor\" data-id=\"bb4890d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIt also acknowledges the transversal nature of security matters, and the pressing need for the CISO and their teams to work across corporate silos, with support functions, business units, business partners and suppliers, and to build trust with each of those.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4c4784b elementor-widget elementor-widget-text-editor\" data-id=\"4c4784b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tBut in essence, it says very little around how to get things done, and that\u2019s the crux of the matter.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9e5efd4 elementor-widget elementor-widget-text-editor\" data-id=\"9e5efd4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tMany of those issues have been on the table for years. Some of the best practices pushed by the report \u2013 around inventories, patching, identity, continuity or crisis management for example \u2013 would have been included in similar reports 10 years ago.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ed0a627 elementor-widget elementor-widget-text-editor\" data-id=\"ed0a627\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tSo the real question is still very much: Why are so many large organizations still struggling with those? 
And how to remove the roadblocks which have prevented them from making progress over such a long period of time, in spite of colossal investments?\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1cf6c2d elementor-widget elementor-widget-text-editor\" data-id=\"1cf6c2d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWe wrote on this very matter for the first time in\u00a0<a href=\"https:\/\/corixpartners.com\/cyber-security-understanding-historic-roadblocks-is-key-to-unlocking-the-dynamics-to-digital-resilience-blog\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">2015<\/a>, echoing an article from McKinsey (\u201c<a href=\"https:\/\/www.mckinsey.com\/business-functions\/mckinsey-digital\/our-insights\/repelling-the-cyberattackers\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"broken_link\">Repelling the Cyber Attackers<\/a>\u201d \u2013 July 2015) and an earlier WEF report, also co-authored with McKinsey (\u201c<a href=\"https:\/\/www.mckinsey.com\/~\/media\/mckinsey\/business%20functions\/mckinsey%20digital\/our%20insights\/risk%20and%20responsibility%20in%20a%20hyperconnected%20world%20implications%20for%20enterprises\/risk%20and%20responsibility%20in%20a%20hyperconnected%20world.ashx\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"broken_link\">Risk and Responsibility in a Hyperconnected World<\/a>\u201d \u2013 January 2014).\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9867c0d elementor-widget elementor-widget-text-editor\" data-id=\"9867c0d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nThe 2019 report makes the right diagnosis around execution, as we pointed out above, but 
overlooks significantly the real challenges involved in getting things right, and their real underlying governance and human dimension.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-99675c3 elementor-widget elementor-widget-text-editor\" data-id=\"99675c3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe security industry needs to pivot away from \u201ctalking about things\u201d and why they go wrong, onto \u201cgetting things done\u201d and fixing things. This is not a problem which has \u2013 or can have \u2013 a purely technological solution.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5576e0a elementor-widget elementor-widget-text-editor\" data-id=\"5576e0a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tLeadership and the profile of the leaders \u2013 NOT TECHNOLOGY \u2013 are at the heart of the execution paradigm around cyber security in today\u2019s digital world.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0843c58 elementor-widget elementor-widget-text-editor\" data-id=\"0843c58\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nPeople\u00a0<a href=\"https:\/\/corixpartners.com\/cyber-security-trust-people\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">trust<\/a>\u00a0other people, and you need the right leaders to get things done around security, with the right balance of technical understanding, management acumen, personal gravitas and emotional intelligence.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-32767ed elementor-widget elementor-widget-text-editor\" data-id=\"32767ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nWhere do you find such\u00a0people, in a context where there are hardly any role models around and most CISOs are technologists by background?\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ca4113e elementor-widget elementor-widget-text-editor\" data-id=\"ca4113e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo get them out of business roles seems the right approach, but to incentivize the right profiles, security roles have to be elevated to attract and retain the best. And to that effect, organizations and governance models have to\u00a0evolve, as we pointed out in 2018.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c004f67 elementor-widget elementor-widget-text-editor\" data-id=\"c004f67\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tA clear and solid governance model established upfront is key to driving any type of large scale security transformation programme, and old\u00a0clich\u00e9s\u00a0such as \u201c<em>cyber security (being) everyone\u2019s responsibility in an organization<\/em>\u201d are totally meaningless in absence of clear roles and responsibilities, reflected in job descriptions and pegged to annual objectives and compensation schemes, at all levels up to the\u00a0Board.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-004d8c1 elementor-widget elementor-widget-text-editor\" 
data-id=\"004d8c1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThose are the real challenges in today\u2019s digital world, as the focus\u00a0shifts\u00a0for senior executives, away from risk and compliance considerations towards the real execution and delivery of protective measures.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-43fc03c elementor-widget elementor-widget-text-editor\" data-id=\"43fc03c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tFor too long, the security industry has been talking about what goes wrong without focusing enough on making sure that protective measures are in place. This is actually reflected directly \u2013 and quantitatively \u2013 in our 2019 semantics\u00a0analysis\u00a0of 17 annual \u201cGlobal Information Security Surveys\u201d from EY spanning a period from 2002 to 2019, with keyword markers such as \u201crisk\u201d, \u201cthreat\u201d, \u201ccompliance\u201d or \u201cincident\u201d 3.5 times more frequent across all surveys than words like \u201cgovernance\u201d, \u201cbudget\u201d, \u201cdelivery\u201d, \u201cpriority\u201d, \u201cculture\u201d or \u201cskill\u201d.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-489db9e elementor-widget elementor-widget-text-editor\" data-id=\"489db9e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nThreats evolve constantly, but old and well-established security basics do go a long way to ensure protection in many firms: In the face of escalating cyber-attacks and increasing regulatory pressure, the challenges around cyber 
security are no longer about knowing what to do, but to get it done, and to get it done now and for good.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The security industry needs to pivot away from &ldquo;talking about things&rdquo; and why they go wrong, onto &ldquo;getting things done&rdquo; and fixing things. This is not a problem which has &ndash; or can have &ndash; a purely technological solution. Leadership and the profile of the leaders &ndash; NOT TECHNOLOGY &ndash; are at the heart of the execution paradigm around cyber security in today&rsquo;s digital world. People&nbsp;trust&nbsp;other people, and you need the right leaders to get things done around security, with the right balance of technical understanding, management acumen, personal gravitas and emotional intelligence.<\/p>\n","protected":false},"author":529,"featured_media":14367,"comment_status":"open","ping_status":"open","sticky":false,"template":"single-post-2.php","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[195],"tags":[93],"ppma_author":[3178],"class_list":["post-2327","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot","tag-internet-of-things"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0<a href=\"https:\/\/www.stratasecurity.co.uk\/\">Strata Security Solutions<\/a>, a specialized cybersecurity firm. 
He has been co-president of the Cyber Security group of the\u00a0<a href=\"https:\/\/www.telecom-paristech.org\/\">Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201c<a href=\"http:\/\/www.blurb.co.uk\/b\/9015902-cyber-security-the-lost-decade-2018-edition\" target=\"_blank\" rel=\"noopener\">Cyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d. He contributes regularly to\u00a0<a href=\"http:\/\/www.thedigitaltransformationpeople.com\/authors\/jc-gaillard\">The Digital Transformation People<\/a>,\u00a0<a href=\"http:\/\/www.business2community.com\/author\/jc-gaillard\">Business 2 Community<\/a>, and\u00a0<a href=\"https:\/\/www.iotforall.com\/\">IoTforAll<\/a>\u00a0platforms, as well as the\u00a0<a href=\"https:\/\/www.thebtn.tv\/\">Business Transformation Network<\/a>. He is an expert contributor on the\u00a0<a href=\"https:\/\/ciowatercooler.co.uk\/members\/jean-christophe-gaillard\/activity\/\">CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0<a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/bridging-gap-security-it-operations\/\">InfoSecurity<\/a>\u00a0Magazine,\u00a0<a href=\"http:\/\/www.computing.co.uk\/ctg\/opinion\/2396800\/how-to-achieve-effective-cyber-security-in-a-hyperconnected-world\">Computing<\/a>, the C-Suite.co.uk,\u00a0<a href=\"http:\/\/www.informationsecuritybuzz.com\/?s=gaillard\">Info Sec Buzz<\/a>\u00a0and the\u00a0<a href=\"http:\/\/www.director.co.uk\/blog-cyber-insurance-what-do-you-think-youre-buying-20323\/\">IoD 
Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=2327"}],"version-history":[{"count":6,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2327\/revisions"}],"predecessor-version":[{"id":35206,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2327\/revisions\/35206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/14367"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=2327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=2327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=2327"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}