October is National Cybersecurity Awareness Month, a campaign created by the U.S. Department of Homeland Security to reinforce the importance of Internet security. This year, we hardly need reminding.
We have the history-making Equifax breach of late September to thank. The breach of the credit reporting company’s repositories compromised personal data of more than 145 million people, potentially affecting nearly half of the U.S. population. During a handful of congressional hearings on the topic in early October, former Equifax CEO Richard Smith said the breach was the result of technical errors, but mostly a human one — Smith blamed a single individual in the company’s technology department for not applying a security patch to a software vulnerability in a timely manner, therefore leaving a back door open for hackers.
However, much like the members of Congress who questioned Smith during the hearings, we should be asking how such a thing could happen. How could the safety of millions of people’s personal and financial information be, in essence, left in the hands of a single individual?
In my opinion, the answer to that question comes down to leadership.
In today’s digital age, every business must cultivate a culture of cybersecurity. This responsibility must be borne not only by the Chief Security Officer (CSO) or the Chief Information Security Officer (CISO), but by all STEM leaders. These leaders need to be well versed in how their organizations protect customer and employee data, manage risk, and maintain compliance, and actively share that understanding with the C-suite and board. Furthermore, they need to systematically seed cybersecurity awareness throughout companies.
Just as the Toyota Production System (TPS) in the 90s left Ford in the dust by upskilling shop-floor workers to root out inefficiencies, so must companies today upskill employees across the organization to identify and address cybersecurity risks. The responsibility to drive this corporate-wide learning and heightened cyber-awareness lies logically with STEM leaders positioned on the digital front line of corporations.
This onus on STEM leaders applies especially to companies like Equifax, whose business model depends heavily on data. Had Equifax’s leadership better understood its cyber vulnerability and the mass-awareness needed to protect its assets against a single point of failure – and a human one, at that – perhaps this breach could have been avoided entirely. One report states that Equifax had to take its consumer complaint portal offline for 11 days while the security team found the back door that hackers had exploited and sealed it. Forget the severity of the data breach for a moment; even just the thought of having to shut down a customer portal for 11 days to deal with a cyberattack should send chills down any IT leader’s spine.
National Cyber Security Awareness Month reminds us of the magnitude of the cybersecurity threat. With a shortage of skilled cybersecurity professionals expected to reach 1.8 million by 2022, expect an even greater demand for STEM leaders with the rare but powerful capacity to shape a corporate workforce wired to protect brands from the devastating effects of cybercrime. I’m a strong believer that technical professionals who want to become leaders need to learn how to think strategically, communicate effectively, and understand technology in the human context. As Equifax has shown us, growing a cybersecurity-aware culture should be added to that list.