This past weekend it was reported that the Public Broadcasting Service, or PBS, and Lockheed-Martin had their networks attacked by cyber-criminals. The Wall Street Journal highlighted today two different stories about how government and private organizations are responding to the daily deluge of cyber-attacks within their respective sectors. The first story deals with how the Pentagon is internally debating over when to constitute a hack as an “act of war,” and thereby allowing the U.S. government to respond accordingly with military intervention and solutions. However, as often is the case, the origin of a cyber-attack is difficult to pinpoint, and is a ballistic missile strike an appropriate response to a cyber-attack?
The other article in the WSJ addresses how global company CEO’s are addressing internal cyber-security procedures, especially in the wake of this weekends cyber-attacks, and the massive data breach at Sony, Corp., a few months back.
Corporate executives said they no longer can take a passive approach to cybersecurity. Ted Chung chief executive of Hyundai Card/Hyundai Capital Co., an auto finance provider in South Korea that was hacked in April, blamed himself for not paying enough attention to the importance of information-technology security. ‘When it comes to big companies or big banks, no CEO is that stupid not to pay attention. But maybe they pay the same attention I did, which is giving encouragement and budget to IT but then saying ‘What do I know about programming?’ [Mr. Chung] said in an interview Monday – ‘That is the wrong support.’
What Mr. Chung, and other Executive leaders, need to come to terms with, is that the problem is simply not a technology problem requiring a technological solution. The breakdown within the organization lies squarely in the mirror that CEO and governmental leaders look into every morning. A paradigm shift needs to occur within our business culture. CEO’s, like Mr. Chung, need to begin to build a culture of compliance within their organization that is focused on a comprehensive data governance program. It is not sufficient enough to throw massive amounts of corporate capital at IT infrastructure projects, if the culture internally has not changed. That is what has gotten us to this point. For years, IT managers and executives would go to their CEO and Boards asking for capital to build out their network infrastructure. Over time, financial fiduciaries began to note that the outlay of capital was becoming too financially oppressive for the organization. Choices needed to be made.
CEO’s may know nothing about “programming” (to use Mr. Chung’s words), but they do know how to lead and inspire a shared vision. Capital investment in IT infrastructure is important, but it does eventually become cost prohibitive. Ask yourself this question – if you are an executive within an organization: how should I respond to a breakdown in organizational controls that are negatively influencing my ability to (1) retain good employees; (2) keep trade secret data private and secure; (3) maintain our goodwill; and (4) secure the long-term viability of our business model? The answer for the CEO’s is to “be” what everyone in your organization expects you to “be” – a LEADER! Communicate the importance of a comprehensive data governance program.