There are defining issues in any executive’s career that can catapult you to dizzy new heights or bring you tumbling back down to mediocrity. The trick is to spot those issues first and react to them ahead of your peers. More and more, we are seeing CIOs suffer at the hands of cyber attacks, but how many understand that their people, not technology, are the most important line of defense?
When Germany’s Interior Minister Wolfgang Schaeuble took part in a panel discussion to celebrate the opening of a religious studies department at a Berlin university a few years back, it is probably fair to say he didn’t think he was exposing himself to a major security risk that would ruin the credibility of a key policy he supported. Yet that is exactly what happened.
A few months later, German hacker group the Chaos Computer Club (CCC) published 4,000 issues of their magazine Die Datenschleuder containing a reproduction of Schaeuble’s fingerprint that could apparently fool the same biometric readers that the minister was advocating to improve his country’s border security. The CCC had swiped the fingerprint from a water glass he had picked up at the event. Needless to say, this somewhat discredited his assurances on the robustness of the security mechanism.
Hackers are motivated by all kinds of reasons: some use their skills to make political points, some are purely in it to make a buck, others simply to prove they can outsmart the designers. Whatever the reason, as businesses become more digital in nature, they leave themselves more vulnerable to cyber attack. EY’s Global Information Security Survey 2013 provides a timely and in-depth analysis of how organizations around the world are responding to cyber threats and addressing cyber risks.
For CIOs, the upshot is simple: get this wrong and you might well find yourself looking for a new career. Take Stephen Fletcher, the former CIO of Utah State, for example. As reported in The Salt Lake Tribune, Fletcher was fired following a security breach that exposed the personal data of several hundred thousand citizens. On the flip side, few boards will fail to show their gratitude when a cyber event does occur and you’re able to prove you’re on top of it. In short, mastering this is not just good for business, but your personal profile too.
For further reading, order a copy of Responding to Targeted Cyberattacks, a fantastic book written by several experts at EY that takes an in-depth look at cybersecurity risks and highlights how much of a people problem this is, rather than a technology one:
- Advanced threats now target individuals, making them your first line of defense.
- Cyber attacks are a business problem and a people problem, not just a technology problem.
- User education and awareness are critical to your success.
- Prevention strategies are not enough – plan for how you’re going to react when an event occurs.
So, how close to your people – and their security habits – are you? Is it time to clean up your act?