Don’t say they weren’t warned. The forecast in my September 7, 2013 article “Will 2013 Be the Year Cybersecurity Crashes the Party in the Boardroom?" predicted stormy cybersecurity seas ahead for corporate America.
A plague of inadequate cybersecurity strategies is now raining on board members across the land, thanks to the massive Target Stores 40-million credit card heist; the resulting blizzard of lawsuits and subsequent ousting of its CEO; and numerous similar cyber breaches on retailers. The circumstances are highlighted in the Wall Street Journal June 30th article, “Corporate Boards Race to Shore Up Cybersecurity.”
The forthcoming corporation reactions will inevitably risk plunging them into a vast cyberspace void, populated only by scarce technical resources, a mind-numbing array of software cyberattack “solutions,” and seemingly insurmountable executive vs. technical cultural and language barriers.
Here is what to watch for:
Scarce resources: First, qualified cybersecurity professionals are in short supply. A recent report by Burning Glass Technologies, a Boston labor market analytics firm, showed that cybersecurity job postings soared by 74 percent from 1997 to 2013, with nearly 210,000 postings last year nationwide. Keep in mind that this is before the massive demand explosion we’re about to see.
Second, while there is no short-term solution to this problem, solutions are underway. Some cities, such as San Diego, have programs such as its Cybersecurity Center of Excellence. Nationally, the highly successful Air Force Association’s cybersecurity competition and scholarship program, CyberPatriot, fosters interest and education in the field for middle and high school students.
Programs such as these offer exceptional development opportunities for cybersecurity professionals and are looking for additional corporate sponsors and cyber team mentors to foster continued expansion.
Cybersecurity systems and tools: Cybersecurity is a booming industry. In addition to numerous larger firms, according to research firm SiNet, there were 1100 U.S. cybersecurity startups operating in 2013, with over 150 receiving investment funding.
Organizations in need of cyber protection tools are faced with an overwhelming array of cybersecurity alternatives. Addressing this challenge takes not only a solid enterprise cybersecurity plan but, yes, qualified cybersecurity professionals.
A word of caution, though: firms pursuing a tools-based approach to building cybersecurity rather than an enterprise risk-based approach will surely be disappointed (more on that in next week’s post).
Culture: Board members who are used to asking questions and receiving clear answers may be disappointed in the cybersecurity explanations provided by their cyber tech professionals. A recent article in the Wall Street Journal quoted a tech-deprived director as saying,
"Listening to these young IT people is like having someone who has never paid any attention to their health talk to a doctor."
The journey for this board-level rush into cybersecurity is fraught with risks. Timing expectations for implementation may not match reality, attacks will continue, and heads will roll. A second cybersecurity phase may then be undertaken to get results, and the cycle starts all over again.
This is a developing saga that is critical to our national security and economic health. Check here next week for approaches that will help keep misinformed and misdirected actions from sending corporations spiraling into a cybersecurity abyss.
("Stormy Weather Ahead Signpost Shows Storm Warning Or Danger" by Stuart Miles/FreeDigitalPhotos.net)