Another data breach, a new virulent variant of ransomware, burnt-out employees, too little money, and too many threats — the world of cybersecurity can seem grim. While there is no denying the prevalence of these challenges, there is reason to be hopeful.
“When I think about optimism in cybersecurity, I really focus on people, process, and technology,” says Meg Anderson, CISO of Principal Financial Group. People are putting in the work to push cybersecurity forward. Processes are evolving to combat threats. With new technology comes the possibility of better defenses.
Anderson and five other cybersecurity leaders share what fuels their belief in a bright future for their field.
1. Leadership buy-in
Cybersecurity hasn’t always been recognized as an important business investment. It has a history of being sidelined and siloed as an IT-only issue. Leadership has become increasingly aware that cybersecurity needs to be integral to their organizations’ strategies. Buy-in across the entire leadership team means more awareness of and resources for cybersecurity.
“C-suites and boards across industries are asking the right questions and acknowledging cybersecurity as a critical component of their business,” says Phil Venables, CISO of Google Cloud.
2. Individual awareness
Executives and boards are more aware of cybersecurity, and so are individual employees and consumers. “We’ve definitely shifted the thinking that somebody else is going to fix this for us to knowing that we all play a part in keeping our information and our money safe,” Anderson observes.
Human error remains a leading cause of breaches, making individual awareness and education an important part of basic cyber hygiene.
Neil Jones, director of cybersecurity evangelism at Egnyte, has seen companies finding ways to incentivize employee participation in cybersecurity, such as gift card promotions for spotting phishing emails. “This has rapidly diminished the ‘us versus them’ mentality that many users previously experienced with IT security teams,” he says.
Our industry will need to continue to invest in training programs, certifications, and educational initiatives to develop a skilled workforce capable of tackling evolving cyber threats,
Steve Tcherchian
CISO and Chief Product Officer
XYPRO Technology
3. Cybersecurity education
Cybersecurity awareness has grown in part due to the available paths in education. “When I first earned my designation in 2008, almost no one outside of the cybersecurity industry knew what my certification was, but today broad awareness of cybersecurity certifications is commonplace,” Jones shares.
Anderson has also seen higher education introduce more options for cybersecurity degrees and training during the 15 years she has been in her current role. This continued trend gives hope that more people will be prepared to fill the much-needed jobs in cybersecurity.
“Our industry will need to continue to invest in training programs, certifications, and educational initiatives to develop a skilled workforce capable of tackling evolving cyber threats,” says Steve Tcherchian, CISO, and chief product officer at XYPRO.