How a CEO can Prevent a Cyber Attack Without any Cybersecurity Knowledge
In many businesses, the theory is that if you throw enough money at something, you can fix it. While this is true, to a degree, CEO’s and other business executives don’t want to spend more than they need to. This is where effective strategy comes in.
A well-thought-out strategy will prevent “throwing spaghetti at the wall” and often leads to the best solution or plan. It’s also a key element for every department to turn to when getting down to work — IT is no exception. Therefore, strategy needs to be a cornerstone of an organization’s cybersecurity planning.
Executives Need to Be at the Strategy Table
Creating a cybersecurity strategy is something executives need to be part of, even if they don’t have the basic knowledge of cybersecurity. Afterall, it’s is a challenging area for anyone to understand and unless the organization is in IT, it’s unlikely that the CEO or other C-suite executives are going to have cybersecurity courses in their background.
That being said, executives can definitely help prevent cyber-attacks without any cybersecurity training. They bring their knowledge of the organization as a whole, at a high level, to the table to create the right strategy. While they won’t bring knowledge that someone with Network+ certification has, they do have the necessary organizational overview.
This overview includes an executive’s knowledge of organizational departments, how they are expected to function and how they work with other departments. Information like this helps them inform the strategy team about how current functions and future plans should be integrated.
Who Creates the Strategy
Ideally, a cybersecurity strategy shouldn’t be created by one or two people. Imagine if an IT help desk team member with Security+ certification felt they were ready to create an organization’s strategy with a bit of input from the network administrator! While having training like Security+ as well as things like CySA+ certification are often very important aspects to aid the process, there needs to be more input from various people with other skills.
CEOs will lean on IT team members with cybersecurity courses in their repertoire, like A+ certification and others. They will then balance this with the overall organizational goals, views and insights. Others in the organization who help with training might be brought in, administrative team members bring process understanding to the group and a consultant could be brought on board to help bring it all together.
The CEO and other executives need to be keenly aware of what they envision for the future of the organization when the cybersecurity strategy is developed. For example, if the plan is to roll out an online ordering system, this needs to be incorporated into the strategy. If a merger is on the horizon with a company that will bring more consumer data, that data and its security needs to be included in the planning.
Deciding on Products and Tools
For a CEO, the very concept of cybersecurity is rife with stress. While vendors are going to try to bypass gatekeepers and move straight to C-suite executives to sell their products, executives need to bring those options to the strategy table for the team to discuss, review and make decisions on. Unfortunately, many companies are still in a knee-jerk place with cybersecurity where every product that comes along sounds great and the result is a mash-up of things that don’t work together and don’t reflect the organization’s current status or future plans.
No matter what products and tools are recommended within the strategy’s tactical section, it’s important to keep in mind that nothing can deliver “fail-safe” security against cyber threats. Cyber criminals are sophisticated and constantly evolving. Therefore, the cybersecurity strategy also needs to include sections on what to do “when” a breach occurs, rather than “if”.
CEOs and other executives understand that cybersecurity is an organizational issue, not just an IT issue. They also need to bring their knowledge to the table to ensure strategies are robust and informed by the plans for the future.
Written by Ronda Payne
