Cybersecurity Awareness Month (CAM) is a global initiative created by the U.S. Department of Homeland Security and the National Cyber Security Alliance to recognize the importance of digital security for both businesses and individuals. Now an internationally recognized campaign, CAM aims to spread awareness about the importance and urgency of cybersecurity.
I’ve been doing Shark Tank and Dragons’ Den for a cumulative 20 years, and when we started doing the show in the U.S. after the second season, I asked the show’s producer, “Why don’t we see more cyber stuff? Why don’t we see more tech deals?” And he kind of looked at me and said, “Look, I’m not sure how to tell you this, but what you do is really boring. Nobody cares.”
This was 12 years ago, and he was right – but today, cybersecurity is hot! Our industry has made that pivotal shift where consumers care about what we do. In many ways, cybersecurity has become top of mind.
But there are still knowledge gaps at all levels of the enterprise. From top-level executives and board members down to everyday technology users, the rapid pace of change in the cyber landscape means that we must continually evolve our understanding and help others do the same.
Cybersecurity Awareness Month is one of my favorite initiatives because it reminds us to do just that. This year’s theme – “See Yourself in Cyber” – underscores this idea that even though cybersecurity is complex, everyone has a part to play.
Here’s where the biggest gaps remain in cybersecurity awareness across the enterprise and what we can do to fill them.
Business leaders are finally realizing that cybersecurity isn’t a luxury, it’s a necessity. And while we’ve made a lot of progress increasing executive buy-in, we need to take it one step further and help them understand that cybersecurity isn’t just a way to protect and prepare an organization for a potential threat – it’s one of the best business drivers an enterprise can have in its arsenal.
The biggest challenge we security leaders face is that we love the technology so much – we get so caught up in all the cool new tools and platforms – that we forget to speak the language of the C-level. They don’t care about what we do from a technology perspective – they care about the business value, the outcomes. How is this good for the customer? What value does this add?
And then there’s the associated risk. When your CEO comes to you and says, “Hey, how does the situation in Ukraine affect us?” they’re not really saying, “Tell me about our firewalls, tell me about our logging.” What they’re saying is, “How does our risk profile stand against our peers in the industry and how do we look against these external threats? And fundamentally, are we moving upstream and becoming more secure, are we stagnating or are we moving backwards?”
We often forget that enterprises are made up of people. Our cybersecurity programs are good at keeping the business security objectives in mind, but often forget about the user experience. Training and awareness are critical, but at the end of the day users want to do as little as possible to be secure.
If you ask the average person if they care about security, something like 87% will say, “Absolutely. It’s critical.” But if you ask, “If you had to click another button to be more secure, would you do it?” only something like 10% of people will say yes. So, end users in your organization want to be secure… but they want you to secure them.
From a corporate enterprise level, we have to come out with a way that we monitor and ensure the security of the user community. We train them so they’re aware not to click on things and go to certain places, but we have to control that access without limiting their behavior, because convenience is always going to trump security.
I think that we are entering the golden age of what we do – security is not going to die. Twenty years from now, we are not going to be sitting here and going, “Oh, gosh. I remember when identity was an issue.” It will still be an issue. And it is on us to lead these efforts across every level of our organization, not just during Cybersecurity Awareness Month but every single month and day of the year.
To Your Success,
I’ve been in infosec for over 30 years and have had the great privilege of evolving and learning as a cybersecurity executive in a space I love. This blog has been set up to help me share the insights I’ve gained and experiences I’ve had with all of you. Every month I will post some advice and recommendations for my fellow Cyber CEOs – from current events to forecasted trends, and enterprise security best practices.
Let’s collaborate and communicate as we strive to keep our organizations (cyber) safe.