Heads up board members of whatever size of organisation, public or private, academic or charity, you are at war.
Not in a break out the guns and start marching down the street, or taking to the seas air or space. No we pay our taxes for that and our armed forces provide that cover across all those traditional spheres of conflict and in general (excuse the pun) do a heroic job. Especially when politicians stick their oar in slashing defence budgets, the UK, a case in point with our last few Governments doing hatchet jobs that would make any 5th columnist proud. For you must recall that UK Politicians since 1975 have slowly capitulated their national identities for a European Federalist political class, and the erosion of our soveriegn defence force is all part of that stitch up. Don’t get me wrong we have some who fight stoically for our sovereign identity and self-determination.
Back to the focus of this blog. Neither are you at war commercially any more than you have been since your company first launched. It is Cyber.
We are historically conditioned that we pay our taxes and the brave men and women of our military institutions fight our land, sea, air and space conflicts for us. Cyber is the war that no government or military can fight or at least not at today’s point in its evolution. It is however the fight that is coming to a board room near you NOW, if it has not already. A rolling guerrilla conflict that no Msc IT Chief or MBA commercial veteran CEO will have any real idea of how to fight.
To all Chairman and or Chief Executive Officers/Managing Directors, just as you would be unlikely to form a board of directors without a Chief Financial Officer, Technology Officer or Audit Director in yesterday’s world, there is a mainstay – Chief Cyber Security Officer (CCSO), a role that will, like finance, reach across all areas of operations and deep into strategic planning and budgets. This is what you will be doing whether you like it or not. Attempts to load balance this function across other roles, you will realise is a fool’s errand. Don’t be tempted to go down that path or mistake the CCSO as confusion with those CIO (Chief Information Officers) and or CISO (Chief Information Security Officers) roles out there. Cyber overarches the traditional governance and compliance orientated functions of the CIO’s and or CISO’s. All of whom are likely to report in large organisations to a CSO (Chief Security Officer).
Even SME (Small Medium Enterprise) organisations will need to find a way of introducing this CCSO skill set into their team. There are some Cyber Consultancies that are offering Virtual Cyber Security Officers, a retained 1 or multi day a month commitment to your business that will allow you to tap this specialist skill set at an affordable price. So there are options. For as long as our world evolves in its ever increasing Hyperconnectivity Cyber threats will continue to shock, amaze, stun and destroy in ever more creative ways. Cyber competencies will be as material as finance is to every business decision.
If you think this is just the ramblings of another security industry scaremonger, well I sincerely hope so because with the tsunami of hyper-connected devices flooding our lives in the form of what is coined ‘The Internet of Things’ (IoT), Gartner’s prediction of billions of devices being connected by 2020 heralds a new prospective dawn of hurt for many. Just reflect on the views of the Gulf Information Security Conference I chaired a few weeks ago. We cannot even do the basics to protect those environments we currently have connected. That is before we even consider the inconsistent level of discipline in employees who continue to do stupid things to expose their companies. As for awareness and training, until Cyber instinct becomes embedded in our society and behavioural DNA, the ‘wetware’ (humans) will remain the weakest link across all classes of end users as well as administrators. Oh and don’t think that’s just some employee/consumer grade of individual, it’s the decision makers, the senior executives who think they can dodge bullets. The silver lining is we are also the most effective remedy despite the promises of marketers with their use of a much abused term ‘Artificial Intelligence’ (AI). Most AI is far from Intelligent, little more than pattern matching solutions using machine learning, another deceptive term for rule based algorithms that imply more competence than actually exists. Oh and the dirty data sets that constitute most big data solutions just magnifies the fragility of much over hyped intellectual property in the form of ‘algorithms’. Don’t get me wrong, some of the solutions out there are truly creative and like a monkey wrench, in the right hands a valuable tool, but I am still to find a monkey wrench that will deploy and adjust itself.
Survival of the fittest will never be more poignant in commerce as it will be in the face of Cyber threats. The leaders in commerce will be doing what is needed in a war, get those who have experience on-board, the rest will be like a forlorn hope.
Government cuts to defence budgets has driven top flight military trained personnel with leadership skills into the market place and therein lies a valuable re-purposing opportunity. Outcomes that are now needed in the boardroom can benefit from a style of leadership forged in the furnaces of traditional conflict arenas. These are individuals experienced in orchestrating diverse skill sets into teams functioning to the highest levels of operational excellence, unfazed and dextrous in confronting adversarial creativity and offensive innovation. Military Strategic Campaign Planning, a deceptively straightforward title for what is a complex discipline to get right, represents a new generation of strategic planning capable of protecting the soft underbelly of commercial and public sector organisations.