Overcoming today's risks and tomorrow's threats with confidence

A multidisciplinary approach to cyber leadership that extends beyond IT.

leadership execs superimposed on building
Getty Images

As any cybersecurity professional knows, the biggest threat to an organization is the one that hasn’t been launched yet.

Attackers have become so adept at the element of surprise that they send their targets into a tailspin whenever a new threat is unleashed – not only because of the damage that the threat inflicts, but also because no one saw it coming. This ability to ambush an organization’s cyber defenses intensifies the effects of the threat and leaves cybersecurity practitioners scrambling to minimize the damage while continuously looking over their shoulders, scanning the horizon for the next surprise.

There’s no question that cyber threats have become among the greatest risks to industry and governments today. That reality is putting an immense amount of pressure on cybersecurity professionals. From addressing privacy concerns and keeping up with new data-protection regulations to dealing with existing vulnerabilities and anticipating coming ones, these professionals have never had more on their plate, or more at stake.

Yet too often, the skills and resources required to keep up with these ever-increasing demands and to defend against complex, sophisticated threats go beyond the scope of what we’ve come to know as traditional cybersecurity education. Text books and technical IT training alone can’t create the types of leaders required in today’s complex world -- leaders who possess the unique and critical ability to devise and execute integrated, comprehensive cybersecurity strategies for nations and industries across the globe.

And so, it’s time for a new multidisciplinary approach to cyber leadership that extends beyond IT.

Today’s hyper-connected world requires a new type of cyber leader who possesses not only the necessary technical awareness that can be acquired through education and training, but also whose thinking is influenced by exposure to a broad range of ideas. Given the cross-function impact of cybersecurity, these cyber leaders might hail from IT or possibly law, policy, HR or even the traditional physical security space. 

Regardless of their background, they must be able to communicate openly and with confidence, actively pursuing the advice of others both inside and outside the organization. This leader must be generous with their time and knowledge to cultivate information exchange with all types of people. And while it’s unlikely that organizations will ever be able to truly anticipate attackers’ next moves, this leader’s broader education and experience will help create a more holistic view of the threat landscape and a deeper understanding of potential threats.

Take the example of the recent controversy surrounding the revelation that 50 million Facebook users’ personal data was taken directly or indirectly by a third-party app and then sold to a voter profiling firm. In response, US law makers are now looking at how privacy protections such as those laid out by the EU’s General Data Protection Regulation could help prevent, or at least punish, such actions.

This controversy isn’t just about the capabilities of modern technology; it touches on issues of privacy, ethics, politics, and partnerships for any organization that collects data about its customers or employees. And the end result could have financial, regulatory, and public relations implications. Knowing how to lead an organization through such a complicated scenario and the ensuing fallout demands much more than technology chops. It requires a well-rounded set of skills; not the least of which is the ability to quickly understand the impact of current events and pivot accordingly.

How does this new cyber leader hone these skills? By being exposed to disciplines that aren’t necessarily related to their area of expertise, whether it’s IT, policy or psychology. This can be challenging -- law and policy, human behavior, and technology are at times in conflict with one another. In order to make sense of these colliding forces and to determine the path forward, these new cyber leaders will have to develop effective strategies that leverage and unite their organizations’ stakeholders in technology, law, and policy.

With these skills, these leaders will be able to:

  • Understand the security, human, and privacy implications of emerging technologies, such as big data, cloud computing, mobile computing, social networks, the Internet of Things, and blockchain
  • Gain proficiency in identifying vulnerabilities, anticipating attacks, using monitoring tools, and developing defensive strategies
  • Build organizational resilience, crisis management, and response capabilities
  • Have the capacity to defend organizations against known threats while at the same looking ahead to anticipate the threats of tomorrow
  • Recognize that there’s no such thing as 100% security, and rely instead on strategy as the best security

With this new, multidimensional approach to leadership, cybersecurity professionals will be armed with the ability to set comprehensive security strategies for their organizations. In this blog, we’ll examine the challenges cyber leaders face and how possessing the right skill sets and perspective can help them overcome today’s risks and face tomorrow’s threats with confidence.

Copyright © 2018 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations