Intelligent CIO LATAM Issue 06 | Page 55

FEATURE: CYBERSECURITY
Once, I was talking to a counsellor of one of the largest financial entities in Mexico. We began with a talk on aviation, a topic that we both treasure as private pilots for entertainment. The talk changed to the topic of cybersecurity, where he confessed to me that the main problem is that managers do not want to talk about cybersecurity because they do not understand the risk. They do not know how to treat it and when the cybersecurity specialist arrives, he is not able to explain to the business the risk and where the organization is heading.
Immediately, I told him that I also saw it from the opposite perspective. The specialists had not identified the risk to the business, they saw it as a technological risk, a risk to what they see around their neighbour or what the supplier tells them.
If we add to that the issue of not speaking the language of business, it will be almost impossible to reduce the gap between managers or business decision-makers and cybersecurity specialists.
I commented to him that, given the common taste for aviation, it would be very challenging to fly a plane that has not been checked on the ground. Imagine arriving, getting on and starting the takeoff and, already in the air, checking if fuel or oil is at the right level. His face changed immediately: ‘Not even crazy, it’s very risky,’ he replied.
That is what is being done in cybersecurity, it is trying to solve some things when they are already in the production stage, and may put the organization at risk. If we add that, unlike operational risk based on outdated statistics and changes that are to a certain extent controllable, cybersecurity risk is changing – in many cases we don’t know how to face a new attack so we have to be more agile and clear.
At the end of the day, everything evolves and everything changes.
It’s hard to imagine implementing security for the home without making changes or improvements if something has just happened in the neighborhood. Neither do we imagine that cars are, in terms of safety, as they were at the beginning of the 20th century, without seat belts or new technologies as we have today.
All of this is cyclical, it’s a constant.
This brings me to something that more and more managers need to understand. There are two types of organizations: those that have already been breached and those that are going to be breached.
Be it a disgruntled employee, a vendor, a cyberattacker or a cybercriminal, they will have the opportunity, the means and the reason to obtain a benefit, or information that they can later exchange for their profit. That is, the economics of cyberattacks that could, depending on the country, become a cybercrime.
How to get involved?
So what do you do as a manager to get more involved? What can you do to have more visibility of these risks?
Managers have to understand at a very high level the risks in the critical processes of the organization.
They need to seek out cybersecurity performance indicators, support awareness within the organization, being the first to comply with them and commit and get involved in the subject.
They need to get involved in a way that allows validating the cybersecurity of the organization, repeatedly asking the team of specialists:
• What are the most important threats to our business lines?
• What are we doing to mitigate these risks and how effective are these countermeasures?
• What is the residual risk and what are we going to do with it?
• Have we done exercises to measure effectiveness?
All this will allow you to have a conversation with the specialists, but also for both of you to have in mind what to do and understand what is going to happen.
Andrés Velásquez, founder of MaTTica