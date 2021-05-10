



More than a decade ago, in 2007, the first iPhone was released, along with an ever-expanding ecosystem of apps. This was a watershed moment not only for the technology industry, but for the entire civilization. It was a catalyst for what was to come.

Suddenly, all consumers were able to access the Internet at the push of a button, and private sector data began to accumulate all at once. At this point, the data was established as an increasingly valuable commodity, which in turn increased the risk of exploitation.

It has also created a wave of rapidly growing innovation that is not yet broken. In this situation, technology providers, users, and manufacturers are excited about new features, new features, and new developments, but little consideration is given to the possible adverse effects. To be sure, fear is not in a state of innovation, as it is this fundamental idea that hinders creativity.

Since then, I’ve witnessed some major advances, such as artificial intelligence and machine learning. However, if these technologies help keep you safe online, they can pose a significant social and security threat if not properly managed. As long as we create technology without predicting the possibility of misuse, we will continue to face notable social issues such as cyber security.

Think of an underground economy that grows and continues to mature, centered on cybercrime. It is not uncommon now for malware to be sold “as a service”, for the establishment of “hacker colleges” to offer cybercrime degrees, and for cybergang mergers and acquisitions. In the world of cybercrime, you’re making a tremendous amount of money. In other words, the black market is unlikely to be closed. If an organization continues to pay ransom and remains vulnerable, malicious attackers remain motivated to pursue malicious efforts. In addition, the tools we may use for greater benefit are readily available for more advanced attacks.

Trauma due to cybercrime

Needless to say, the threat situation in which CISOs and security teams are currently active is increasing in scope and complexity. The relentless onslaught of cyberattacks poses significant costs to organizations, from regulatory fines, proceedings and repair costs to reputational and employee productivity loss.

But just as important is the psychological impact that the organization must address: trauma. According to a recent study conducted by OneLogin, almost all IT leaders felt the need to look at some coping mechanism (exercise, meditation, or treatment) because of the stress of their role.

It’s understandable that due to the nature of cyber threats, security teams are experiencing confusion, uncertainty, and lack of control. At the individual level, this trauma manifests itself in burnout, isolation, delusional disorder, suboptimal decision-making, and attachment to attribution.

In addition, a quarter of security leaders reported managing this stress with alcohol or substance abuse. At the organizational level, in addition to the anxiety that the problem may recur, we may observe problems with dismissal, overeating, overspending, and addiction to resolve the problem. To make matters worse, some respond by choosing not to address the possibility of the incident, learning from mistakes, and refusing to speak openly about the incident to prevent recurrence.

Lifeline extension

Infringements are very widespread, affecting from the smallest companies to the largest conglomerates. Addressing cybersecurity is no longer a technical issue, but a business issue. As a result, CISOs and their security teams cannot afford to operate separately. Their voice should not be suppressed across layers of bureaucracy. In fact, for example, there are countless examples where the CISO is instructed to report to the CIO. However, this can cause conflicts of interest, as the CIO may choose not to disclose certain vulnerabilities or shortcomings to save the face.

Rather, the CISO needs to be in direct contact with the CEO and be a companion, such as an engineering manager or CIO. All of these need to be receptive. Only when this is coordinated can an organization facilitate open and productive discussions that are essential to developing robust mitigation and incident response plans. This is a “successful escape” during an incident.

By reconfiguring the communication channels in this way, the CISO and his team can be confident that they can hear their voice and regain a sense of control. In addition, this raises awareness among CEOs and other board members about the importance of security, rather than being ignored as trivial. This reduces the burden and stress that security teams typically bear on their own and provides the “authorization” needed to overcome trauma.

But some better news is that it appeared in last year’s collective global trauma, and our security leaders feel more supported. A recent survey suggests that nearly three-quarters (74%) of tech leaders are interested in the mental health of their employees.

The world of cybercrime has only been exacerbated by the acceleration of technological innovation and has become a permanent fixture in our society. Constant attacks and threats are traumatic for both the organization and its security team. To limit the long-term consequences of this, the security team must achieve a “successful escape” and “authorization”. An important first step in doing so is to give the CISO a table seat.

