True Crime Story: A Fallen Leader
David Mauro
Advanced I.T. & Cybersecurity Services | NetGain Technologies | Security Awareness-as-a-Public-Service | Cyber Crime Junkies Podcast
Reading this from one’s office, wherever that is today, is a luxury for some leaders. It is one missed by a former CEO. He is simply not welcome at his office any longer, disconnected from the team that once consisted of his closest allies, confidants and friends. After more than 15 years, he has been forced to resign and now faces claims, civil liability and growing legal bills. His family is left without any clear understanding of exactly what went wrong.
Misunderstanding the role of the CEO as solely driving profit and investor return, the former CEO, Jacob, missed the modernized role of thought leader and visionary: the one in charge of the organization’s “culture,” which, as used here, simply means the baseline understanding, morale, training and policies in place at every level of an organization.
Specifically, he missed the crucial aspect of the role that cybersecurity is not just the responsibility of his former CIO. It was Jacob’s equal responsibility.
His career and the company he loved now stand as a mere shell of their former existence.
CULTURE AND CYBERSECURITY
For decades, the idea of culture was something he thought meant bean bags, free meal plans (“open plan”) and ping pong tables, especially when trying to appease younger generations. IT security and the risk of a data breach were solely a worry of the IT department. If something went wrong, fire the IT team or its leaders or cancel the contract with the third-party contract services provider. Simple.
But those days are gone. They’ve been gone for a while, yet we still come across CEOs like Jacob who fail to understand: IT security and a data breach are the responsibility of the C-suite. The C-suite members are now held accountable. They risk, very realistically, being replaced, voluntarily or involuntarily, after a security data breach.
A data breach involves the loss of everything that matters. Everything that makes your organization unique (differing value proposition, intellectual property, customer lists, etc.) is at risk of being taken. In fact, the odds are more likely than not that you will be targeted.
The cyber criminals today are not some kid in a hoodie up all night drafting code in mom’s basement. It’s a sophisticated organization, albeit illegitimate, involving layers of people who each get paid along the way. They all have one goal: your data. They expose it for notoriety, greed or political purposes. Sometimes simply to show one thing: that they have the power to do so.
Era of Accountability
There are hundreds of examples of small and mid-sized organizations whose leadership has been forced to resign or been outright terminated following a breach. The reasons are simple. It’s essentially a breach of your fiduciary duty as a leader to expose personal and private data to untrusted and unknown parties.
A data breach attacks and takes the very heart of an organization and gives it to the enemy. If it’s private, personal information, then the enemy is public exposure. If it’s financial data, the enemies are non-fiduciaries, meaning those who have not knowingly been entrusted to care for that financial data. At the end of the day, nobody wants to do business with any organization that will hurt them. In this sense, the injury comes from the data breach.
In addition to the hundreds of examples of C-suite members losing their positions from data breaches at small and mid-sized organizations, there are the more obvious larger breaches that garner much of the news cycle. The Target breach caused the CEO to resign following the publicized exposure of 110 million customer records which were compromised. This, to date, is the largest breach of payment card data. That’s today, though.
The first step in cyber security defense and leadership addressing brand protection is this: admitting you have a problem.
MINDSET
It's a matter of mindset as well. As Simon Sinek describes, the infinite mindset understands that there is no actual winning or losing in business. The goal is sustainability and preservation. The short-sighted finite mindset is what Jacob had here. He focused on short-term profits and bowed to arbitrary dates and timelines to justify not taking accountability. In a private company it's unacceptable, and the tide is beginning to change in public companies. Jacob's was a private company, one that should have viewed longevity as a top priority. For more on this, check out Simon's work in The Infinite Game.
A data breach can have devastating and crippling effects on your operations, and a breach affects every layer from top to bottom. The risks come from daily attacks involving non-technical criminals who push out malware, from ransomware (which encrypts your data and blocks you from accessing it, shutting down your device and network until you pay a ransom by a date certain) to remote access trojans (which take control of your device and network, extracting data and uploading it), causing data to be disseminated publicly.
Impact of a Cyber Attack
The statistics are overwhelming and worsen daily. Not only are U.S. organizations targeted daily, but the perception that most leaders have is misaligned. Cybersecurity is really not an IT issue.
Rather, it’s an issue owned by everyone at the organization, since cybersecurity goes to the very heart of the organization’s brand. So too, the culture must adapt to embrace cybersecurity as part of the daily routines addressed by everyone. Ownership falls on leadership to drive this cultural shift.
Because cybersecurity is intertwined with an organization’s culture, the way it is approached and the attention it’s given matters. It goes to the heart of the organization’s brand and therefore must be given the attention the brand is given. It’s interwoven into the fabric of the brand. The lack of thinking properly about it can destroy the very brand it’s supposed to protect.
There are many steps to take. Where to start depends on your history and current stance. Literally every organization has a need to level up, advance this year and move the needle.
Where to start? Assess where you are. To change the status quo, we have to identify exactly where we are at today, in detail. An assessment is that first step. To assess your current state, desired state, the gaps and create a roadmap to get there is fundamental.
David Mauro
Regional Manager Great Plains, Chicago Market
All Covered, Konica Minolta Business Solutions, US