Cyber-security threats are now getting attention not only from technical specialists but from senior business executives, and also the President of the United States. With this expanded awareness has come both the need and opportunity for greater public-private cooperation on information security issues. To assist in this shared protective effort, business leaders must understand the challenge, establish accountability, coordinate efforts, and above all communicate – with one another, with government entities, and with the public.
Until the fairly recent past, cyber-security was not so much about threats as about nuisances – the stereotypical brilliant but maladjusted teenage hackers of lore. Those times have ended. The new generation of information attackers are professionals, ranging from organized crime rings to militant activists to states' national intelligence operatives.
This growing threat level has – fortunately – been accompanied by growing awareness of cyber-security as a major issue. As Harry D. Raduege, Jr puts it at Harvard Business Review,cyber-security is no longer a matter for the back room. The shift has reached the White House, with President Obama issuing an executive order centered on public-private cooperation.
The task of achieving this cooperation is admittedly complex. Different industries are regulated by different government agencies, which must learn to be on the same page. More importantly, the task facing the private sector is not just regulatory compliance. The threat is real, and beyond the headlines, firms of all sizes are threatened by cyber attacks.
In order to respond effectively, business leaders must step up to four key responsibilities. They must understand the threats facing their firms and industries. They must establish a chain of responsibility, so that security objectives are turned into action. They must coordinate their efforts – within industry, across related industries, and between the private and public sectors.
And most of all they must speak out and communicate, so that colleagues, regulators, and the public all understand the issues, and what is being done to address them.
All of which reaffirms the basic truth that cyber-security is not just about technology solutions. It is primarily about creating policy and taking action. GRT Corporation stands ready to help your organization do just that.