BradEgeland.com
  • Welcome
  • Blog
  • Expertise
  • Resume
  • Software / Service Reviews
  • Contact
  • Videos
  • Books / White Papers
  • Mentoring Contact Form
  • Awards/Recognition
  • Templates & Downloads
  • Clients
  • Professional Services
  • Past Survey Results

Are We Taking Cybersecurity Seriously Enough?

2/20/2021

1 Comment

 
Picture
There’s no doubt that we will all be hacked or breached or have our data and identity affected by a breach sooner or later. Most of us already have. I know my Twitter account has been hacked twice and my Facebook account has been hacked at least once. And it seems at least once per week I get a FB friend request from someone I’m already friends with meaning either they’ve been hacked or I’m about to be if I’m stupid enough to accept.


Where am I going with this? I’m pointing out that there are bad people all around us lurking in the shadows meaning to do us harm in a non-physical or non-violent way. They are called hackers and really have nothing against you personally. They are just out to bring chaos to your world, grab sensitive data, possibly sell it or offer it back to you in exchange for money or they just may be doing it all to show that they can. After


If you haven’t been hacked, breached or compromised in some way by a hacker - rest assured you eventually will be and really no amount of avoidance or mitigation planning can completely save you from the affects of hacker actions. Start taking some or all of these steps now to make it happen and keep your organization's corporate head above water, figuratively speaking...


Start somewhere. Please, please, please... start somewhere. It doesn't have to be with a full-fledged cybersecurity staff. But we have to start somewhere. If you are smaller, or a startup or not engaging in large, high visibility, data sensitive projects often, then look for one or more internal resources who are interested in training in cybersecurity and have them take on the part-time or full-time role of cybersecurity lead and have them participate on projects that may need that time of data management, risk evaluation and oversight. Or, if you're smart, you'll have them involved as a part-time resource on every project on an ongoing basis.


Charge everyone to be accountable. Now, I don't mean that everyone in the organization needs to become a cybersecurity expert. Far from it. But they need to have an awareness, an accountability to the company masses and the organization's customer base. Think “bystander apathy” and “bystander awareness.” Don't let the company masses become just bystanders. Get them actively involved in the effort to not leave the organization open to hacking. Think participation rather than hinderance or obstruction. Educate the masses in the organization on the criticality of what it means to have a data risk and breach that potentially cripples the organization and ask everyone to be hyper alert to black hat activities and their own behavior that could cause security holes from an IT perspective.


Make cybersecurity part of every project and customer initiative going forward. Whether you grow a cybersecurity presence and knowledge base from within starting with one more individuals who have an interest or you go full blown with a C-level presence like a Chief Security Officer (CSO), a hired staff of a few cybersecurity certified tech leads and a big staff budget, it is imperative that going forward there is a cybersecurity presence on all data sensitive projects and likely all projects period. This presence may only be during risk identification, but it may also be needed on a weekly basis having a sit-in presence on all weekly project status meetings to offer advice, decision input and to answer staff and customer questions. Trust me, the topic will only be growing in size. And with a project by project security risk presence, there is far less of a chance that something important might fall through the cracks. You never know when a technical decision made by someone less informed could open the organization up to a breach that could be very damaging.


Educate senior management on the probability, liability and exposure. As important as it is to educate the entire enterprise on the cybersecurity risks and enforce awareness and accountability, it is even more important that senior management be aware and buy in to the need for a cybersecurity knowledge base and project involvement within the organization. Funding comes from this group, projects are sometimes prioritized and staffed from this group and as the project teams need to evolve to handle the cybersecurity threats, so does the leadership of the organization. Just as with any program, improvement, or campaign... without the leadership buy in it is going usually fail in the enterprise adoption effort as well. If leadership doesn't back it, it won't usually last.


Compile stats. Try hard to quantify things. From an IT standpoint, you can often tell how many potential breaches have been thwarted by whatever software you have implemented. Include that information in project status reports to teams, clients and senior management. The more benefits you can actually show in numbers – even dollars – the better. This will build fast confidence and buy in to the measure being proposed and taken. Management loves to jump on board with new initiatives that are actually working. And the goal is to show progress fast and early so that enterprise adoption and accountability and participation is a no-brainer and the learning curve is small and behind everyone quickly. Management loves numbers. Customers love numbers – especially positive ones. Figure out how to show numbers and you'll get them on board with the security movement and implementations quickly. And that is important to project protection and survival.


Summary / call for input


The bottom line is this – cybersecurity is an established risk that isn't likely to ever go away. Too many hackers having fun or trying to capture data and identity at the expense of others – sometimes even working to profit from it and not just cause damage. If you have high visibility projects or data sensitive projects or both, you will likely be a future target. We need to be vigilant and prepared.


Readers – what is your take on this list? What experiences have you had with the implementation of a cybersecurity infrastructure? It's rather new to most organizations so any advice we can share will be helpful.

1 Comment
mybkexperience link
2/21/2021 10:54:25 am

I found this on internet and it is really very nice.
An excellent blog.
Great work!

Reply



Leave a Reply.

    Author:

    Picture

    Brad Egeland


    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, cybersecurity enthusiast, consultant and author.  He has written more than 8,000 expert online articles, eBooks, white papers and video articles for clients worldwide.  If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/menoring? Contact him.

    Picture
    Picture
    Picture
    Picture
    Picture
    Picture

    RSS Feed

    Archives

    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    October 2012
    September 2012
    August 2012
    July 2012
    June 2012
    May 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    August 2011
    July 2011
    June 2011
    May 2011
    March 2011
    January 2011
    December 2010
    November 2010
    October 2010
    September 2010
    August 2010
    June 2010
    May 2010
    April 2010
    March 2010
    November 2009

    RSS Feed

Powered by Create your own unique website with customizable templates.