“Spotting the Difference: Cyber Security Leaders vs. Imitators in the Digital Age”
By Sundar Balasubramanian, India and SAARC MD, Check Point Software Technologies
In today’s rapidly evolving digital landscape, India has become a prime target for cyber threats, where an organization in India is attacked on average 3,244 times per week over the last 6 months, compared to 1,657 attacks per organization globally, according to Check Point Software’s Threat Intelligence Report. As organizations scramble to protect their data and networks, the difference between true cyber security leaders and imitators becomes crucial.
For businesses in India, identifying these differences can mean the difference between robust security and potential vulnerability.
The Definition of Leadership is Changing
Cyber attacks are a ‘when’ not an ‘if,’ which cements the necessity and critical nature of cyber security jobs. Where some roles like administration and creative creak under the weight of AI advancement, high-quality cyber security professionals retain their value. Even the most advanced AI strategies (such as real time threat detection and response) are no match for the adaptability and moral code of a strong cyber security leader.
Fifteen years ago, would you have expected to see soft skills like ‘attention to detail,’ ‘creative problem solving,’ and ‘clear communication’ in a CISO job description? The traditional profile of a cyber security leader – siloed from senior management, a necessary evil always begging for budget – is a distant memory.
Fast forward to 2024, and cyber security leaders have a seat at the high table as trusted business insiders, valued advisors, and propelling forces for long-term change and strategy. Cyber security leaders must have a deep respect for what they don’t know and a deep passion for continuous improvement to keep up with the breakneck pace of the industry. A recent Gartner survey found that 77% of top-performing CISOs take the responsibility to initiate discussions on evolving norms to stay ahead of threats.
The Role of the Tag-along: A Valuable Supporter or Your Organization’s Weakest Link?
Security professionals wear various hats. A tag-along might not be the one leading the pack. Instead, they could be the person behind the scenes, running pen tests, monitoring network access permissions, and conducting audits to enhance the security posture. In this case, tag-alongs are not tagging along at all – in fact, these professionals are as valuable for your organization as the CISO.
Yet, cyber security isn’t a wholeheartedly technical discipline anymore, and it is inaccurate to assume that security is irrelevant to people with no coding skills or understanding of software. In theory, everyone in your organization should be a cyber security tag-along. Think of it this way: If everyone is pulling their weight, there are no tag-alongs.
Indian enterprises face a critical shortage of cyber security experts, ranking second globally in this workforce deficit, which has surged sevenfold over the past year. As of May 2023, TeamLease reports over 40,000 unfilled cybersecurity positions in India. Approximately 800,000 cyber security professionals are currently needed in India, which is a substantial portion of the global shortage of around four million. The demand for cyber security roles has skyrocketed over the past 5-6 years, leading to a severe talent shortage. Additionally, the industry is experiencing significant burnout among skilled cyber security professionals due to the relentless nature of managing evolving threats.
Training sessions, such as phishing simulations and data privacy awareness, minimize easily avoidable human error, especially among ‘non-technical’ employees. It begs the question: What makes a worthy leader? Is it the person who can successfully lead cyber security teams or the one who can lead everyone by creating a culture of confidence, competence, and cyber security awareness?
A recent study by Gartner found that the best of the best lead by example: 69% of top-performing CISOs dedicate time for personal and professional development, demonstrating that cyber security training isn’t reserved for the ‘weakest links.’
Who Will Call the Shots Five Years From Now?
According to Gartner, a great cyber security leader has very little to do with technical ability. The CISO Effectiveness Diagnostic defines four skill categories for great leaders: Executive Influencer, Future-risk Manager, Workforce Architect, and Stress Navigator.
No amount of technical education will prepare you for a real-life attack scenario. When crisis mode hits, only the most clear-headed people will steer your business’s ship to safety. While cyber security professionals will spring into action, we will always need a cyber security leader to act as the crisis mitigation expert who communicates with boards and senior management.
The elephant in the room is that there may not be enough people to hold down the fort at all. Cyber security skills gaps and talent shortages impact 71% of organizations, and 54% believe it is getting worse.
No one said cyber security is easy. 77% of CISOs say that their job affects their physical health – a damning sign that the role cannot be sustained in its current state. As we look to the future, let’s eliminate the idea that cyber security is a top-down requirement and spread the responsibility among everyone. The CISO might call the shots, but they shouldn’t harbor all the stress.