A common misperception in Cybersecurity is that the Cybersecurity Leader should be a Hacker or a pure technical person!
In the latest report by Gartner, under the title of “Reframe the role of the Cybersecurity Leader,” was that Leadership Misconception is that “The CISO “Chief Information Security Officer” prevents breaches. They highlighted that we should Reframe this to:” A leader Facilitates Risk Management.”
The second point was Leadership Misconception:” Cyber risk is a Security’s problem.” While we should reframe this to:” Cyber risk is a Business/Organizational risk.
We must change our mindset from treating Cybersecurity as a technical problem that should be managed by technical and IT People and start dealing with it as a Risk, like any other business/organizational risk where everyone in the company should be involved.
There is No solution for Cybersecurity; it is a continuous process that we should work on daily, based on a Cybersecurity framework that fits our organization. The most common Cybersecurity risk management framework is the one by NIST “National Institute of Standards and Technology” by the U.S Department of Commerce, and it is composed of five main pillars:
1- Identify (What you are trying to protect by identifying your digital assets, supply chain, etc.)
2- Protect (Putting the right strategy to protect your company and one of the main points is Training & Awareness)
3- Detect (Knowing that there is nothing called 100% secure, we must know that we can be hacked anytime, and we should have all the monitoring tools and human resources to detect the Cyberattack)
4- Respond (What are the activities that you should do to respond to any attack, this plan should be ready, easy, and practiced before. the essential factor here is Communication internally and externally)
5- Recover (what is my recovery plan to go back to the initial stage with the lesson learned and action to be taken to present similar attacks in the future)
In brief, Cybersecurity is not just a technical problem; it is also an economic, psychological, and human behavioral challenge, all rolled into one. A different set of rules governs cyberspace. The concepts of distance, borders and proximity all operate differently in cyberspace compared to the physical world. Cybersecurity is still “new,” and we are still learning every day.