Dr. Eric Cole is an industry-recognized security expert with more than 25 years of hands-on experience. Dr. Cole is the founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cyber security consulting services, expert witness work, and leads research and development initiatives to advance state-of-the-art information systems security. Dr. Cole was the lone inductee into the InfoSec European Hall of Fame in 2014. He is actively involved with the SANS Technology Institute (STI) and is a SANS faculty senior fellow and course author who works with students, teaches, and develops and maintains courseware.
Christopher Skroupa: How important is the connection between boards, executives and senior management in building company resilience?
Dr. Eric Cole: It is important that there is agreement between the boards, executives and senior management on the security posture for the organization. However, the connection that is often broken is that the executives are not receiving accurate information from the security team. The information that is being used to make decisions often comes from the CIO and this information is biased and does not represent an accurate representation of the state of security within an organization.
Skroupa: What role does communication play in effective resilience innovation?
Dr. Cole: Accurate, regular, and timely communication is crucial. In many organizations the communication is either not frequent enough or the right information is not presented in a timely manner so proper decisions can be made. After a breach, communication occurs very efficiently; however, that communication needs to occur before a breach occurs, not after.
Skroupa: To what extent is company resilience reliant on technology vs. better alignment operationally with executives?
Dr. Cole: In most organizations technology is not the problem; the configuration of the technology is the problem. The real problem is not having proper head count on the security team to properly support the mission of the organizations. Alignment is irrelevant if the security team is not staffed with the right people with the right skills. While technology and alignment are important, organizations not properly staffing the team is one of the reasons why they are failing.
Skroupa: How would you assess C-Suite absorption of the scope of cyber and big data breaches?
Dr. Cole: Based on the number of breaches that have occurred this year, many C-suites are scared and concerned but they do not have enough security knowledge to know why. Therefore they are heavily relying on the CISO to gather and provide the details they need. If they do not have a CISO, they are creating the position so they have someone with the proper authority.
Skroupa: What is different now vs. last year in company response to assessing threats?
Dr. Cole: The big difference is organizations are recognizing that the threat is real and that any organization can be targeted. Last year organizations knew that there were threats but felt that bad things happen to other organizations. They now realize that no one is immune and everyone will be targeted and compromised. Therefore, they are trying to scramble to make sure security is being properly addressed. In many organizations, they fail to realize that security takes a long time to implement, and short term effort is too little too late.
Serhat Cicekoglu, Director of Loyola University Chicago, Quinlan School of Business, Center for Risk Management, adds: “Resilience capacity of an organization is developed as a composition of several factors, with the role of these factors better understood or researched more than others in a resilience context. Technology and its implied outcome, innovation, is not always top of the mind with respect to resiliency management. A look at the history of the industrial era over the last 100 years or so shows that companies that focused on product and process innovation, and nowadays focus on total user experience, are standing tall against the fierce competition. This competition may not be operating through fair practice or even in a legal manner and now may come from all corners of the globe. Innovation is one of the best tools companies have to combat this.”
On January 28th, 2015, Loyola University Chicago, Quinlan School of Business, Center for Risk Management will host its second Executive Dialogue Series seminar program on Innovation: Building Company Resilience. Continue the discussion with Dr. Eric Cole, Serhat Cicekoglu, Director of Quinlan’s Center for Risk Management, and a select group of 25-35 company executives and internationally renowned experts on resilience. To inquire about attending contact firstname.lastname@example.org.