Council Post: Let’s Not Talk Politics When It Comes To Cybersecurity
David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). develops cybersecurity software for organizations.
Inevitably, politics seems to be a never-ending news topic. While I keep abreast of political candidates and their policies, as their impact on my personal life and that of my family and friends is important, I find it difficult to understand when political beliefs find their way into critical business decisions.
In the process of choosing a candidate, voters always face the task of deciphering perception versus reality. Sometimes candidates are successful in convincing the public that they can accomplish everything they promise on the campaign trail. Unfortunately, failure to deliver on those pie-in-the-sky promises is frequently a part of the post-election political landscape.
We see this in business, too, as technology vendors are often guilty of overcommitting and underdelivering. Then, there are the political battles fought within the companies themselves. Staff members prefer one product brand over another, and the companies unwittingly become a venue for political maneuvering. Political jockeying often results in a few individuals obtaining power and control, and forgotten in the fray is the objective to get the optimal solutions and best products that will get the job done in the most effective manner.
Keep Politics Out When It Comes To Cybersecurity Decisions
Today’s enterprise digital environments are so vital to the success of virtually all organizations that there is no place for politics. When it comes to digital infrastructure, there are just too many critical decisions. Whether it’s deciding upon a type of cloud service, ZTNA or VPN, or a comprehensive cybersecurity platform, these crucial decisions must be made with collaborative consideration.
Today’s digital infrastructures are integrated into virtually all business functions. For the sake of the enterprise and clarity, every stakeholder who is impacted by a product or solution should want truthful input and evaluations, whether it favors their predisposition or not.
Sometimes these decisions create a conflict of interest, as in the case of Suffolk County, New York, where consulting firm Redland Strategies was hired to respond to ransomware attacks. On September 8, hackers carried out a major cyberattack that would end up costing Suffolk County millions of dollars. To complicate things further, the consulting firm’s founder served as a cybersecurity consultant to Suffolk and also as a lobbyist for his firm.
The consulting firm also happens to be a lobbyist for cybersecurity vendor Palo Alto Networks, doing business in Suffolk County where Palo Alto’s firewall services are now deployed. Suffolk County has since decided to end its contract with the consulting firm. However, the internal conflict continues, as Suffolk’s IT Commissioner and their legislators engage in heated budgetary discussions about costs associated with preventing future breaches.
The Case For A Unified Cybersecurity Approach
The war against cybercrime requires a team effort with a level playing field that encourages knowledgeable input from all invested parties. All stakeholders should be concerned with, and play a part in, the effort to protect critical corporate data and assets. Cybersecurity leaders should enforce strong cybersecurity policies that support ongoing security education, training and communication across the enterprise. Internal factions that favor or disfavor particular security points of view, actions or products can thwart efforts to create a cohesive security defense posture-one that unifies data sharing and functions while increasing visibility for the successful defense of the organization.
Convergence of security products into a fully integrated system empowers all members of a cybersecurity team with streamlined workflows and greater productivity. Rapid and effective data sharing and enterprise-wide visibility enable real-time event clarity and response. Security orchestration and automation across a multifunctional security stack accelerate the detection and remediation of anomalous activity.
Security personnel are no longer reacting to myriad false positives and other non-priority events. Seamless integration with a single view allows analysts to conduct rapid forensics, with detailed analytics and context for quick threat mitigation. Leveraging diverse analytics and automation, multilayered and integrated cybersecurity infrastructure can provide greater impact, by proactively protecting business resources and data.
When we consider a political candidate or technology solution, we make choices that we hope will not only solve our problems today but also improve our future. As our society and economic drivers evolve, and our technologies advance, the choices we make in the people and technologies we put in place today must also be appropriate for tomorrow, and political games and manipulations have no part in these decisions.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?