I also want to focus your attention on this month’s key word – awareness.
There is a critical need to increase awareness across the country when it comes to cybersecurity.
There are two key issues I want to address related to this:
First: Although cyber threats today routinely disrupt public and private services for days, even weeks at a time (costing billions of dollars), most organizations still do not view cybersecurity as a business risk.
This is frequent topic for me, but I cannot emphasize enough how important it is to view cybersecurity at the same level as all other business risks including economic, legal, operational and financial. Failure to understand this basic fact creates significant challenges.
Second: Even when organizations get hit with a serious cyberattack, they too often focus on just the immediate problem. We become myopic, rushing to fix a specific vulnerability instead of stepping back to see the managerial, technical and operational issues that contributed to the cyberattack. Organizations hurt themselves with this short-term thinking.
So, my call to you, as part of National Cybersecurity Awareness Month, is to help raise awareness within your organization that cybersecurity represents a business risk. Elevate its importance.
Also, do your part to ensure a holistic approach is taken when viewing cyber threats. While it is important to do the basics well (patching vulnerabilities, practicing good cyber hygiene) it is equally important to look at threats on the horizon and act now to prepare for attacks before they happen.
You don’t need to be a cybersecurity expert to take these steps. Anyone can play this role. They just need to recognize the risks and help spread the word. Talk to your coworkers, to your family and friends, to your leadership.
Here is my question for you: What are your suggestions for increasing awareness, and advocating for a holistic approach to cybersecurity?
I welcome your thoughts and ideas and look forward to our continuing partnership to serve this great state. Thank you for all that you are doing.
State Chief Information Security Officer