Nobody really knows what the “new normal” will be like and when – and how – the dust will settle. But it is hard not to see tech, security and privacy coming out stronger.
While this is better than doing nothing or relying blindly on the security of cloud providers, those externalised, part-time services – often delivered remotely – are rarely the magic bullet they pretend to be…
It does not make sense to oppose maturity-based approaches and risk-based approaches to cyber security: They are just different ways of managing, driving and measuring action around cyber security in different situations and different firms. One does not have to be superior to the other.
You don’t become a transformational leader overnight, in particular if your background, your skills and your core interests are centred around the more technical aspects of cyber security.
Culture and governance are key to drive change around cyber security behaviours, but too many awareness programmes focus simply on superficial technical gimmicks. JC Gaillard from Corix Partners deconstructs 3 clichés which have been dominating the security awareness arena for the past decade.
This is no longer about understanding what’s being done against cyber threats, it’s about getting it done, and getting it done now.