In the first half of 2019 alone, there were more than 3,800 data breaches—a 54% increase from the number of breaches reported at the same time last year. With the evolving global threat environment, it is more important than ever to develop overarching cyber solutions and practices that protect sensitive data. However, too often, corporations don’t consider network vulnerabilities until it’s too late, asking the same question after every major breach: “How could this have been prevented?”
Instead of taking a reactive approach to adversarial threats, corporations must invest in the tools that can secure the most important data belonging to their employees, customers and stakeholders. Technology plays a major role, but no matter how big your organization is, you need a corporate culture rooted in employee well-being, where managers are leaders in what I like to call ‘Cyberlandia.’
To me, Cyberlandia is the optimum state of cyber-readiness, with happy employees who feel empowered and energized to face whatever threats are thrown at them.
Guiding Principles of Cyberlandia
I’ve managed professionals for many years and learned from my mistakes. What I’ve found is that cybersecurity departments can accomplish real cultural change through simple practices. There is no “silver bullet” solution, but there are three principles that can help security teams reach the ultimate goal of Cyberlandia.
- Put People First: For too long, security departments have operated in silos, working behind closed doors in solitary environments. This fragmented workplace hinders employee growth, as many begin to feel stagnant in their current role, or don’t think they’d be supported if they ask to change positions. Because of the importance of our work and how fast it is evolving, we must let employees grow and give them the time and space needed to avoid burnout. Effective leaders encourage their employees to try new projects and roles, and to disconnect from their day-to-day routine by taking all of their vacation time and lunch hours.
- Communicate Effectively: About 80% of employees across industries report feeling stressed because of ineffective company communication. Given the sensitive work within the cybersecurity sector, there are always high-stress and high-risk discussions in the workplace. A good leader will strategically disclose this information to those who need to hear it, knowing that misplaced information could cause undue stress throughout the team.
- Be the Decision Maker: In the security industry, the next breach is just around the corner, no matter how prepared a company may be. And when the eventual breach occurs, everyone will default to the classic question: “Who is to blame?” Leaders must step up in difficult situations, making strategic decisions focused on solutions, not blame. This empowers teams to operate with a mindset of trust and collaboration, face challenges head on and overcome hurdles.
Once integrated into day-to-day operations, these principles will create a culture centered on operational excellence, strong employee performance and happiness, and customer satisfaction.
It is more important than ever for organizations to focus on building a culture of trust that gives employees the space to excel, while also providing opportunities to grow and recharge. The cybersecurity industry is currently in crisis. With a talent gap that is expected to reach 1.8 million by 2022, security professionals across industries feel pressure to work long hours to withstand their growing workload. Adding to this pressure, 91% of CISOs say they suffer from moderate to high stress, meaning this issue starts at the top. Implementing these principals will reduce stress and increase moral from the top down.
There is no denying the correlation between employee happiness and company performance. It is the responsibility of leaders to ensure that security professionals across industries, and at every level, work in a people-first culture that provides clear direction, focuses on operational excellence and has the flexibility to institute necessary changes. This concept is not a nice-to-have. It is essential to reducing the cyber talent gap and ensuring that corporate cybersecurity departments have the capabilities, bandwidth and attitude to deter emerging threats and keep our data secure.
It is now my pleasure to welcome you to Cyberlandia.