Today, the world is so different than it was back then. Blockchain, AI, MTD, Cyber Insurance, etc. Every innovation that has come about is driving a digital economy, with new risks and new opportunities. All of these innovations are moving us closer to automation, and in many cases mitigation. The race of defeating risk has accelerated, now with full gusto, and is driving companies to think and act differently. It’s also driving the vendor community to do the same.
So, let’s discuss this a bit more in detail.
Organizations have historically looked at information security (now often referred to as cyber), as a function of the business. That function, is represented as an element of a broader whole, that must function to protect the organization from risk. Traditionally, this element has been staffed with technical leaders, developers, engineers and support roles. The integration into the business fabric has been secondary, or tertiary. As a result, this function has been operating without systemic interplay between the broader business.
And, that hasn’t worked.
Budgets are created, spent and technologies are leveraged. At the same time, organizations have been breached at unprecedented levels.
It’s time that leaders and board members decide to educate themselves on cyber risk. Relegating that sole responsibility to a CISO or CIO is a cop out. And it is highly negligent.
Boards and C-Level executives share responsibility in an organization risk posture, and that concept needs to be engrained across the team. At the same time, the CISO has a responsibility of democratizing information to their constituents, in a manner that is understood, timely and ongoing.
Vendors have a responsibility to stop peddling fear, false hope and playing on the complexity of the problem space. That has contributed to the problems we are facing. Analysts need to be objective, and look at a technology solution in the broader context of a system and organization, as opposed to being a “category” winner. This approach has driventhe creation of hundreds of companies which are truly just features.
And the most important point here, is this: