Cyber Security: The Operational Illusion

Jean-Christophe Gaillard
March 15, 2021 Big Data, Cloud & DevOps

Security culture and governance eat tech for breakfast

Looking back at what happened at ground level throughout the COVID crisis, it is clear that the focus has been entirely on operational matters: from moving into remote working at scale for the services industry, to keeping supply chains working for the manufacturing sector, or many retail firms having to re-invent themselves as digital businesses, literally within weeks. It has all been about keeping the lights on, understandably.

Tech and cyber security have been – and still are – at the heart of all this, and, as we wrote back in April 2020, it is hard not to see those sectors coming out as winners once the dust has settled over the pandemic.

But for now, the focus has been entirely tactical; nobody can see beyond the short term, and it is likely to remain the case for the best part of 2021. This is hard to criticize as a business approach given the scale and depth of the crisis, but in many firms, when it comes to cyber security, it is simply perpetuating and aggravating an endemic tendency which, over the past 10 years, has kept CISOs trapped in endless firefighting, has prevented them from developing in terms of leadership and management skills, and has not brought forward the necessary maturity changes around security in terms of governance, organization and culture.

This will be a serious problem in many firms which would have been locked for years in slow-moving and expensive security programmes, and now need to transform their security practices at pace as cyber security has become a pillar of their “new normal”.

It is an illusion to think that all the tactical and operational focus which has been prevailing around cyber security since the start of the pandemic is transformative.

It might be counter-intuitive but moving past this operational obsession with cyber security is key, as we look ahead, to unlock long-term transformational dynamics.

The idea that the consistent protection of the business from cyber threats can result entirely and purely from the implementation of technical tools – or ad-hoc pen tests for that matter… – is fundamentally flawed, in the absence of a coherent overarching vision.

Tactical knee-jerk reactions simply add layer upon layer of technical legacy. Over time, the poor delivery of poorly selected tools breeds distrust with senior management, who can’t help but see that breaches continue to happen in spite of the millions spent. The inefficient reverse-engineering of security processes around the capabilities of the tools leads to escalating operational costs, staff shortages and apparent skills gaps. CISOs feel alienated and leave. All this builds a narrative by which security becomes a cost and a problem, and over time nobody wins.

Throwing money at the problem – for the industries where that is still an option in the midst of the COVID crisis – is not the answer for firms where security maturity has stagnated as a result of decades of under-investment and adverse prioritisation by the business.

More than ever, now is the time to think in terms of People first, then Process, THEN Technology, if the objective is to build a lasting transformational dynamic around cyber security.

It is a vision that has to come from the top and be relayed across all the silos of the enterprise. Cyber security cannot be seen as the responsibility of the CIO or the CISO. It needs to be visible and credible as part of a coherent business purpose, communicated coherently to the staff by senior management, and relayed – and enforced – by a proper governance framework.

It is the embedding of security values in corporate culture and corporate governance that should drive the transformative efforts around cyber security and will lead ultimately to effective cyber resilience.

This is certainly harder to put in place than buying more tech or doing one more pen test, but it is the key to long-term transformative success around cyber security, in particular as younger generations become more and more sensitive to clarity of purpose and positive business values.
