• United States




New year provides enterprises prime opportunity to recalibrate security posture

Jan 23, 20184 mins
Data and Information SecurityIT StrategyTechnology Industry

There is no question we are living in times of turbulence, but these are also times of unprecedented opportunity for enterprises to harness technology to connect with customers in innovative ways.

security lock
Credit: Thinkstock

Back in the mid-1990s, I had the privilege of meeting Peter Drucker, who many refer to as the “Father of Modern Management.” For me, perhaps one of his most insightful comments was that “the greatest danger in times of turbulence is not the turbulence – it is to act with yesterday’s logic.” Drucker, who passed away in 2005, could not have foreseen what a societal focal point cybersecurity would be today. But his words resonate especially in the context of the highly challenging threat landscape menacing organizations of all sizes and types across the globe today.

The technology landscape – and by extension, the global digital economy – is evolving at a remarkable pace while rendering many traditional business models defunct and legacy systems incapable of supporting enterprises’ abilities to effectively and securely realize the positive potential of today’s technology. Factor in a rapidly changing legal, regulatory and compliance environment, along with exponential growth of security challenges from sophisticated and opportunistic cyber criminals, and it is quickly apparent that enterprises relying upon yesterday’s logic is indeed a recipe for danger.

Predictions of growing cyber troubles in 2018 populate all the major search engines and publications. It didn’t take long for any illusions of a smoother ride for enterprises and their security teams in 2018 to be dashed in the first week of January when the Meltdown and Spectre processor vulnerabilities created widespread consternation. While none of us can be sure what and when the next cybersecurity crisis to jar the enterprise landscape will be, boards of directors have received fair warning that there’s no time like the present to give cybersecurity its just due on their agendas.

Rather than relying upon yesterday’s logic, embracing strategies required to safeguard our enterprises today and tomorrow is a must. The new year presents an ideal time for enterprises to recalibrate their security posture. While organizations cannot control all elements of an ever-expanding attack surface, they can ensure they are placing themselves in the best possible position to increase focus on what they can control, and deploy their resources accordingly.

This means investing in performance-based training for their workforces. ISACA’s 2017 State of Cyber Security research shows that practical, hands-on experience is viewed as the most important qualification for cybersecurity candidates, even more so than a credential itself – and with good reason, given the complex and highly technical nature of their work. Investing in a highly skilled, well-trained workforce – and keeping it that way – provides the needed foundation for organizations to protect their most valued assets.

While providing real-world training is a critical piece, optimizing the impact of that training requires organizations to have the right people in place. Considering the well-documented global shortage of cybersecurity talent, grooming network specialists, data analysts and other employees with related skills can allow organizations to fill gaps on their security teams. This is especially necessary for smaller organizations that are not equipped to outbid competitors for upper-echelon applicants. Recognizing the need to hire and empower more women in the tech workforce also must be part of enterprises’ mindsets when it comes to bolstering their workforce.

Ultimately, for there to be confidence in the boardroom about security capabilities, enterprise leaders need the ability to assess their organization’s cyber resilience, quantitatively and qualitatively, and compare themselves to competitors in their industries and geographic areas. Possessing these insights will allow boards of directors and executive management to create road maps that make the most sense for their organization, and even provide board directors the rarest of commodities in this era – some peace of mind that they are on the right track. Next month I will share further details on how ISACA will support this important endeavor.

There is no question we are living in times of turbulence, but these are also times of unprecedented opportunity for enterprises to harness technology to connect with customers in innovative ways. As long as we are prepared to move beyond yesterday’s logic, we need not allow the lurking dangers to hold us back from an exciting future built on the promise of inspired innovation through technology.


Matt Loeb, CGEIT, FASAE, CAE, is the CEO of ISACA, which serves 159,000 professionals with expertise in audit, assurance, security, privacy and risk. Prior to joining ISACA, Loeb was staff executive for the Institute of Electrical and Electronics Engineers (IEEE) and the executive director of the IEEE Foundation. His professional experience includes enterprise strategy, corporate development, global business operations, governance, publishing, sales, marketing, product development and acquisitions functions in a variety of for-profit and nonprofit organizations.

In 2016, Matt named a Fellow of the American Society of Association Executives (ASAE). He is one of only 251 individuals to receive this recognition since the program’s inception 30 years ago. This industry recognition is bestowed on fewer than 1 percent of those working in the nonprofit industry. He was also selected by the National Association of Corporate Directors (NACD) as one of the top 100 Directors for 2016, and honored for this recognition at NACD’s annual Directorship 100 event in New York City in November.

Matt has been on numerous corporate for-profit and non-profit Boards. He currently serves as board chair of Pittsburgh-based Clearmodel, as a director on the Board of the American Society of Association Executives and the ASAE Foundation, both of which are based in Washington, DC, and as a trustee of Excelsior College located in Albany, NY.

The opinions expressed in this blog are those of Matt Loeb and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author