CISOs Beware: The #1 Way Enterprises Compromise Their CyberSecurity
Organizations compromise their network security by not having the rigor and oversight to get everything right every time. When things go wrong, it’s rarely due to a lack of technical skills. It’s the organization and planning needed to get the administrivia right, down to the finest minutiae.
The Equifax security debacle of 2017 is the perfect example. The root cause was that one software engineer missed one patch on one piece of software. A single mistake causes a breach that can lead to catastrophe. In this environment, projects require perfect plans and flawless execution.
Investing more in technical talent to execute cybersecurity would not have solved the problem. Any software engineer can update software.
Investing more in planning is likely not the solution either. Surely, software patches were part of the plan.
Perfection Is Possible
While the threats that lead to project failure are new, the solution is as old as the science itself. Execution suffers from a lack of project management bandwidth when project managers are juggling too many projects to execute each one flawlessly.
When IT leaders say they’re investing in project management, they usually are investing in planning, not execution. When they say they’re investing in execution, it’s usually going toward the technical elements. What gets overlooked is execution management.
In order to get every last detail right, the leadership can’t slack after creating the baselines. There needs to be enough strong leadership in place to ensure the technical resources are getting their homework done to the exact schedule, budget, and spec. Otherwise, there will be variances. When no one notices those variances, the scope creeps. And when there isn’t enough strong leadership to establish project control, no one makes the adjustments necessary to save the project. This is the recurring pattern that sends projects off the rails time and time again.
This is the aspect of cybersecurity that most organizations overlook. You need a management infrastructure that can live up to the rigorous goal of never allowing any mistake of any magnitude. Ever.