Our second in a series of blog posts based on our infographic ‘How to Spot a Cybersecurity Pro’ highlights the importance of including cybersecurity in all aspects of a business, not just the IT department.
#2: Cybersecurity professionals understand that cybersecurity is a strategic company imperative that crosses all aspects of a business.
I believe that asking the right questions is critical to breaking down complex problems and catalyzing challenges into opportunities. The right questions are multipliers. As levers and pulleys serve to multiply physical effort, the right questions can multiply analytical effort.
“I keep six honest serving men (they taught me all I knew); Their names are What and Why and When and How and Where and Who.” — Rudyard Kipling
Kipling was onto something: His “Six honest serving men” could not be simpler to remember. And I believe that the simplest tools can help solve the hardest problems.
Here’s a small sampling of the questions (6 W’s and an H, as it happens at IGI) that our cybersecurity team members ask themselves regularly to multiply the effort we apply to effective decision making around investing in cybersecurity:
- WHAT happens to our operations in the event of a breach or incident that impacts our ability to run our business, exposes noncompliance, or affects our customers, vendors or employees?
- WHY would our customers trust us again with, for example, credit card information, or ACH transactional information, should we be compromised?
- WHEN would be the worst time to have a disruption of business?
- WHICH steps are we not yet taking to deter a breach?
- WHERE are we most vulnerable to breach?
- HOW should we prioritize the steps available to us to prevent a disruption of business?
- WHO is accountable for asking these questions again in a reasonable time frame?
Interestingly, department heads (and their teams) often answer these same questions with different answers and different reasoning. That’s understandable. These are hard questions with abundant ambiguity.
In fact, it can be a good thing when answers initially differ between team members. When IT and Sales have different perspectives, it can be informative. That sort of separation tends to flesh out our natural blind spots and biases, which helps us ask even better questions.
With the right cybersecurity partner asking the right questions to accurately assess risk from every aspect of your business—every department, every employee, every device, and every other possible attack surface—your company will be more prepared for a cyber incident. Cybersecurity is larger than IT because we are all an attack surface and, if your organization is breached, it will impact far more than just IT. So, make better decisions by asking better questions to identify risk and raise barriers to breach.
Members of Boards of Directors, CXOs, and other leaders must ask these questions regarding their companies.
It’s often said that leadership is the art of decision making. So effective leadership is, in turn, about making good decisions consistently.
In my career, I’ve learned that the work of good decision making never ends and relies upon repeatable frameworks and processes. There’s no simple way to reconcile numerous disparate variables that cross disciplines, departments, and expertise. But there are simple tools and methods that speed, standardize, and simplify the work of good decision making.
If you’d like to learn more about our techniques, or how to start partnering with our team to make better decisions, please connect with me on LinkedIn, or email me at: firstname.lastname@example.org