Cyber threats are here to stay, and are growing in sophistication. Leaders worth their salt, says Joe Jouhal (CEO with Avatu writing in the New Statesman) always face a challenge head on. And this is how.
If there’s one thing that a business leader understands, it’s risk: risk to the share price, risk to the organisation’s reputation, risk to his or her career.
It’s a universal language understood by all business leaders everywhere until...for some (apparently almost inexplicable) reason, they come face-to-face with cyber security.
It’s hard to believe, but report after report shows that many business leaders still don’t – to the frustration of their security and IT teams – have a handle on their organisation’s cyber security liabilities, and the threat their organisation faces because of it.
Indeed, the chair of the Institute of Directors, Lady Barbara Judge, said that cyber security is so overwhelming for many senior executives and boards that they leave it in the “too difficult category”, no doubt hoping it will just go out of fashion and melt away.
The question is why? And what can be done about it? It appears – as the IoD has already identified – that many people, even at the highest level, find the subject too complicated and too confusing.
They also expect the solutions to be overly expensive and don’t think they’ll be affected. They believe the rudimentary perimeter protection they rely on now is enough to combat the evolving threat.
But this finger-in-the-air approach isn’t leadership. It’s Russian roulette.
A leader can’t say his or her organisation doesn’t need to be on its guard without first properly analysing the threat.
Tackling cyber and data security issues can be simple and inexpensive
There is a lot of unnecessary hype and hyperbole. And cyber security is sometimes considered the “new big thing” with a flash of the emperor’s new clothes. But the truth is, technology is already ingrained in our business world and it’s only going to increase as more and more of our equipment is controlled and monitored over the internet (commonly known as the Internet of Things).
If a business doesn’t do it now, it is going to have to do it in the near future.
Its existence means we have to change the way we operate in business. Exactly in the same way we had to accommodate the steam engine, the telephone and strong- armed health and safety directives.
It is something almost all businesses should be taking seriously, merely because the ramifications of getting it wrong can be extremely costly (ask TalkTalk, Sony, Carphone Warehouse, Ashley Madison, Lincolnshire County Council, Bettys Tea Rooms – and the many more who have suffered).
The sooner leaders get to grips with the subject, the sooner layers of mitigation – in the shape of technology, policies and practices – can be introduced to reduce the risk of cyber and insider threats.
Tackling cyber and data security issues can be simple and inexpensive. There are solutions for every pocket and everyone’s appetite for risk. But underpinning it all has to be strong leadership to face the subject head on, and risk-based, tried-and- tested, age-old good business sense.
Joe Jouhal is CEO of Avatu, cybersecurity and information security advisers to inspiring companies.
This article was first published in the New Statesman. See it here.