The key to defeating cyber crime is to make security a board-level priority at every organization of any size, according to Ryn Melberg, host of The Guardian Podcast. Cyber security violations represent crime on an epic scale with every remedy soon thwarted and defeated by cyber criminals who are as clever and skilled as they are evil. The way to win the security battle is to change behaviors and beliefs that make the job of the Internet crooks easier than it needs to be.
IT and Business Are The Same
According to Ryn, many directors and senior executives view online security as an “IT” problem and not as an overall business challenge. “Most of the breaches lately at places like Target or Ashley Madison were back door hacks that were enabled by business practices and policies,” Ryn told her podcast audience. “The old idea that there is a separation between IT and business is false. There is no separation; they are one in the same. If business is not working as a cohesive unit, these breaches are possible.” Ryn advises the public and business leaders to rethink their organizational structure and to include business representatives on security teams along with I.T. experts. “The security challenge is not just a technical issue, but an overall business challenge and should be treated as such,” she said.
Invest In I.T.
When companies and other organizations decrease the amount of money and people devoted to I.T. and security, the results are predictable. Ryn cited one of the ultimate laws of the universe to reinforce the point: we all get what we pay for. “When IT budgets go down, hacks go up,” Ryn declared. “It is axiomatic and automatic. There is a correlation and if you are not interested in paying for cyber security or going cheap, you will get what you paid for.”
Turn The Security Auditor Into A Consultant
Traditionally, security checks are left at the end of the software development process. Ryn advises her listeners to make security part of the overall development team, not as “a guy with a clipboard” at the very end. “A lot of leaders and software programmers fear the security person and the checklist they have on that clipboard,” she said. “The process should be collaborative and not adversarial. We need to make checking security part of the development process on any team. If the end of the development process is where you see the security person for the first time, then it is time to rethink how the team is populated and deployed.”
Empower The Team To Stop The Process
During the podcast, Ryn remembered how workers on an assembly line were empowered to stop the entire line when a problem that needed solving was noticed. “The line stops and the workers swarm to solve the problem,” she said. “Software and code writers should be similarly empowered to stop the development process when they see a potential security issue and repair it before going on.” Alternatively, make sure that security is everyone’s job, from the board of directors on down.
The Guardian Podcast with Ryn Melberg is the only one of its type that covers issues from the world of Agile, Scrum, SAFe, cyber security and corporate governance.
13 Nov 2017