Even my neighbor understands that organized crime and nation-states attacking economies through cyber theft, cyber war and cyber espionage is a giant leap from “script kiddies” defacing websites.
My neighbor also understands that organizations will need to respond with significantly different methods to defend themselves and our infrastructure against these attacks. So, while even my neighbor “gets it,” why have fewer than 10 percent of organizations made the significant investments to respond to these advanced attacks?
The problem is simple — the cyber security workforce is rich in experts who know the vulnerabilities and the ways to hack into networks, cars and even pacemakers. And while this expertise is critically important, this isn’t the knowledge that puts the C-suite into motion.
To take bold steps in a new direction, the C-suite needs: 1) a firm understanding of the liabilities, and 2) methods and expertise to craft new strategies and implement them.
So, while the security industry has historically rallied around vulnerabilities, the C-suite has been waiting for us to rally around something they understand — strategies. As a result, cyber security experts keep wondering which exploit or high-profile attack will get executive attention, and executives keep saying, “We have heard enough, but what are we supposed to do exactly?”
This disconnect has resulted in a multi-year stalemate for many organizations.
A few nonprofit security organizations are unlocking this stalemate by making the paradigm shift and rallying around strategies rather than vulnerabilities.
One such organization is the Cyber Security Summit (www.cybersecuritysummit.org). Last year I had the privilege of speaking at the Summit along with Howard Schmidt, Patrick Reidy, Wade Baker and many other notable thought leaders in the security industry.
When asked about the current state of cyber security, Gopal Khanna, founder and chairman of the Cyber Security Summit, says, “CEOs cannot down-source defending their organizations against cyber attacks to their corporate IT departments anymore. Instead, they need to take the lead in making cyber security a corporate information risk management issue.”
This year’s Summit will take place Oct. 22-23 in Minnesota and will tackle strategic topics such as evolving the cyber insurance markets, clarifying director and officer liability for inaction, balancing privacy and security, and debating what Snowden means to the cloud.
The RedShield Association for Cyber Defense is another great example of an organization rallying around strategies. The RedShield Association helps organizations identify resources with the rare combination of expertise required to successfully implement new security strategies.
While the “security labor shortage” is old news, when we look through the windshield rather than the rear-view mirror, we see 90 percent of organizations globally that need to implement new security strategies and a very small labor pool of people qualified to lead these strategy implementation efforts.
Strategy execution skills will soon be the new “skills gap” in the cyber security workforce, and organizations will need to compete to retain the talent they need to implement their transformations.
An executive ready to take bold actions to address advanced cyber attacks can now leverage the Cyber Security Summit and the RedShield Association as partners for learning which strategies are working, discovering new strategies, and identifying qualified human resources for implementing these strategies.
For more information about the Cyber Security Summit and the RedShield Association for Cyber Defense, go to www.cybersecuritysummit.org and www.racd.org respectively.
James Ryan, who noticed the recent cyber-related discussions in Colorado Springs and offered to provide this column, is a serial innovator in the cyber security space and co-founder of Litmus Logic LLC (www.litmuslogic.com). James is credited with forming new security strategies that have led early adopters to invest more than $100 million over the past few years. He speaks at many venues, including the DoD CyberCrime conference and the Cyber Security Summit, was a guest on the History Channel to describe cyber warfare, and is a member of the Cyber Security Summit’s Executive Council.