In a connected world threatened by digital raiders, business and technical leaders are the guardians of their corporate kingdoms, ensuring their fortress (company) remains impenetrable to dire cyber attacks. This article will explore how modern leadership parallels the roles of medieval society, emphasizing the need for strategic collaboration to safeguard the people and valuable assets.
We will explore the responsibilities and potential consequences of enemy attacks and investigate the differences between the corporate kingdoms that succeed and those that fail.
Medieval Life Today
Imagine waking up tomorrow to find your company’s digital gates breached and its treasures plundered. This isn’t a scene from a medieval tale; it is a modern reality for many people.
You know that battle pulls men and women of honor into the fight. You and your company are under attack from criminals who want to steal resources and hold information hostage. Kingdom leaders must band together to mitigate certain cyber risks, minimize liabilities, and protect the organization’s assets and reputation.
The defined roles in this medieval society belong to monarchs, nobles, peasants, and knights.
The business owners are similar to monarchs with the title of king or queen. Kings and queens were at the top of the social system within their kingdom, much like owners direct their business enterprises. To grow their kingdom, these business leaders employ nobles and peasants who provide the bulk of the work. They hire and develop knights to protect their people and assets from invasion.
Nobles came after the kings and queens in the social system. Nobles were also business leaders who pledged their allegiance to the monarch. They were given titles, responsibility, and money in return for their loyal service. The nobles oversee the operation, making strategic decisions and managing resources.
The people typically doing the work are peasants who report to the nobles as they have obligations related to their roles. Since the nobles usually have power and authority over the peasants, the nobility provides governance and protection in exchange for the work product.
Technical leaders are like the knights who defend the fortress, ensuring it is secure. Knights were paid for their protection in battle with money and with food from the peasants. They were trained for war and fought to protect their monarchs, nobles, and peasants. If a knight proved to be a brave and effective warrior, the monarch or noble might honor them with a fabulous title, money, and benefits.
As we explore the context of liabilities, know that a group of monarchs successfully defended their fortresses with minimal damage from recurring attacks. What did they do differently?
Context of Liabilities
When enemies attacked to steal resources or take prisoners for ransom, the knights set barriers and bravely fought while the nobles and peasants returned to the fortress safely. History has proven that many attacks succeeded, where the riches were pillaged due to limited or unprepared defenses.
Historical sieges wiped out kingdoms. Enemy forces would quickly outmaneuver protection efforts when there were too few knights or the fortifications could not withstand the opposing forces. Overcome by the invaders, those who survived defeat began the rebuilding process.
In this context, liabilities refer to the financial, compliance, and reputational risks of successful cyber attacks and data breaches. The consequences may include:
1. Financial Loss: Business disruption or shutdown is a frequent result. These costs include productivity loss, replacement of assets, response costs such as investigations, remediations, legal fees, customer notifications, and potential lawsuits.
2. Regulatory Compliance: Businesses are subject to various laws, regulations, standards, and other rules set forth by governments and other regulatory bodies. Violating these regulations can lead to significant fines and penalties.
Examples include:
- Federal Trade Commission (FTC) Safeguards Rule
- Payment Card Industry (PCI) Data Security Standard
- Department of Defense’s (DoD) Defense Federal Acquisition Regulation Supplement
- Department of Defense’s (DoD) Cybersecurity Maturity Model Certification
- California Consumer Privacy Act (CCPA)
- North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC-CIP)
- Sarbanes-Oxley Act (SOX)
- Securities and Exchange Commission (SEC) cyber disclosure rule (SolarWinds)
- European Union’s General Data Protection Regulation (GDPR)
3. Reputational Damage: Do you know anyone who states that a business’s reputation is unimportant? This variable involves how your outage affects the perception of your leadership and the organization’s standing for months or years after the event. Market share, cost of capital, and stock price (if public) may all suffer. Employee retention and increased insurance premiums may also become issues.
Business leaders’ liability is to protect customer data, maintain compliance with regulations, and manage resource allocations. They are responsible for setting policies, allocating resources, and creating a culture of cybersecurity awareness within the organization. They own the financial and legal impact of each breach or loss event.
Technical leaders’ liability focuses on designing, implementing, and maintaining the required cybersecurity measures. They establish procedures and controls, such as patch management, access controls, and regular assessments. Their expertise ensures that the fortress (company) is well-protected against those enemies (criminals) who seek to harm (cyber breaches) and loot (phishing and ransomware) the fortress. They own the execution and potentially legal impact of each breach or loss event.
To summarize, the business leaders are accountable for the overall cybersecurity strategy and its alignment with business goals, while technical leaders are responsible for its execution and technical implementation.
Raid Scenario
If your company were a medieval kingdom, how would you protect it?
Suppose a company (yours) experiences a data breach due to an exploit of an unpatched application (widespread outage and data loss). The impact on revenue and expenses lasts two quarters, and long-term debt provides liquidity and cash flow. The business leaders may face legal consequences, regulatory fines, and damage to the company’s reputation. No raises or bonuses are paid out, and nobles may be fired.
The technical leader is responsible for not implementing a vulnerability management system to support the necessary patch management measures. The resulting liability for the breach could mean loss of bonus or compensation, demotion, or termination of the knight.
It is essential for business and technical leaders to collaborate effectively to mitigate certain cyber risks, minimize liabilities, and protect the organization’s assets and reputation.
Modern Medieval Obstacles
Investing in swords, shields, knights, and skills is vital to protecting the people and assets inside the fortress. Yet even as you devote resources to building or maintaining your defenses, forgetting to close the fortress gate can quickly turn dire.
Attackers change tactics and methods as they probe to find your weaknesses. Some knights have the stamina and skills to fight, while others succumb to fatigue. Still others realize they need an advantage to protect and defend the fortress if they plan to be successful.
The challenge many knights face is the worry of being criticized when communicating the need for help. A few knights have an image to maintain as expert fighters. Others pride themselves on tactical execution.
Almost every knight wants to become a better defender, but there are obstacles to success. Whether time, money, or effectively communicating needs, all eventually find themselves in a battle they do not want.
Some knights sent word that reinforcements were needed, whether driven by duty or fear. That is why monarchs, nobles, and knights sought assistance from another group of people called mercenaries.
These external (coming from outside the fortress and territory) warriors perform under contract and utilize experience to overcome the adversary. The paid professionals bring fresh eyes and strategies to assist the knights in defending their fortress.
Effective mercenaries set expectations and co-develop a plan. We stand for freedom and will join you in the fight.
The principled work creates outsized returns for the monarchs and nobles as defenses are assembled in less time. The knights benefit from the shared knowledge and practices, even after their time together ends.
Future Fortifications
Sieges and threats are overcome by planning and preparation. To safeguard your people and valuable assets, consider the following:
- Begin cybersecurity discussions with the leadership team and communicate regularly with the personnel accountable for managing cyber risks
- Evaluate potential cybersecurity issues when your organization considers potential vendors and shares data with third parties
- Ensure that the organization’s security policies, standards, enforcement mechanisms, and procedures are uniform across all teams and lines of business
- Invite the knights (technical personnel) to routinely brief nobles and monarchs (senior business leadership)
- Determine how cybersecurity risk management transitions into your corporate risk management and governance processes
- Document your organization’s assets and the technology dependencies
- Assess your organization’s exposure to loss associated with its assets and technology dependencies
- Determine your organization’s acceptable level of future losses
- Understand where cybersecurity threats sit in your organization’s risk priority list
- Identify gaps between your current state of cybersecurity and the desired target state
- Evaluate requirements and budget resources to address existing gaps
- Continuously reevaluate the organization’s cybersecurity goals
- Consider using third-party penetration-testing, vulnerability management, and consulting services
- Consider protective measures such as buying cyber insurance
Enemy forces change tactics to outmaneuver protection efforts. Cybersecurity awareness and preparedness depend on strategic collaboration with continuous risk-based analysis to safeguard valuable assets.
Judgments
Hundreds of years later, men and women of honor struggle with similar problems. It is crucial for both business and technical leaders to collaborate effectively to mitigate specific risks, minimize unacceptable liabilities, and protect the organization’s assets and reputation.
Who among you are wise leaders?
Imagine being the person who takes specific incremental steps to secure the fortress. You take the accolades for protecting the people and assets. We find honor in supporting those who take on protecting their corporate kingdom: knights, nobles, and monarchs.
Leadership that takes accountability will establish processes, procedures, and controls to resist cyber threats. They will promptly assess and report the impact of a cyber incident, from the collection of information through escalation and, if necessary, disclosure to stakeholders.
The alternative then and now is that legacy methods for executing maneuvers and formations are less effective for securing the fortress. The liabilities from avoidable disruption can be career changing events for those who fail.
The leaders who need mercenary assistance, raise your swords and stand forward.
The End
Will your story be one of triumphant defense or tragic downfall?
Your actions will determine whether you become the Hero, the Jester, or Open to Work.
We seek out the leaders who want to become better defenders of the corporate kingdom. If you find honor in being responsible, we stand ready to support you.
You can initiate a conversation today by visiting the Contact Us page to submit your message, or use the Schedule button to coordinate a conversation.
As a proud supporter of American companies, Certitude Security® is working diligently to define the specific points of truth. Together with business and technical leaders, we facilitate essential asset protection priorities for companies throughout the United States.