Cyber Breaches You Don’t Yet Know About
Late last week, I shared a conversation with a CISO who informed me of two breaches in his industry that have not yet been made public.
One breach is a very large POS (Point of Sale) breach. In this case, millions of credit card numbers have been compromised.
The other incident is the breach of a very large company’s PBX telephone system. Long-distance calls have been made around the globe for quite some time, resulting in significant telephone bills for the company that owns the PBX system.
In both cases, the CISO suggested that the companies involved have Boards of Directors who are not taking cyber threats as seriously as they should. The CISO suggested that these Boards of Directors have a mindset that what’s happening to other companies won’t happen to them.
What’s The Hot Cyber-Security Skill I’m Thinking About?
Over the weekend, I gave a significant amount of thought to the implications of these breaches and other breaches that have already occurred. My thought process traveled beyond the obvious: exposed credit cards and fraud that either banks or the breached merchant will have to absorb.
My thought processes frequently go to what will benefit a security professional’s career growth and “Personal Stock Value”. This is the amount an employer will pay a security professional for the value the company perceives the security professional will bring to its organization.
On one hand, it would be great for a CISO candidate to go to an interview where he/she talks about having never been breached during their tenure as a CISO.
On the other hand, since breaches are inevitable, it’s not a matter of if but a matter of when a breach will occur in any given company. A hot skill set a CISO can bring to a new employer’s table is that of Incident Response and Handling Breaches.
What’s involved in Incident Response and Handling Breaches?
While there is a significant technical component to handling a cyber-security incident, there is a significant amount of this skill set that has to do with communication skills and behavior.
Beyond one’s technical skill, another skill one needs to master to be great at incident response and handling breaches is this skill set that I came up with many years ago while working on a very complex Chief Security Officer search in the entertainment industry:
Knowing what to say, when to say, how to say, to whom to say and when to say nothing
This skill set involves many of the skills that make up one’s Emotional Intelligence. Beyond IQ alone, it is improved Emotional Intelligence that will move a person’s personal performance from good to great.
It is high Emotional Intelligence that will give a CISO or CSO the interpersonal skills they need to handle the interpersonal communication complexities that come with a cyber breach.
Improved Emotional Intelligence will give a CISO or CSO the skills they need to master the non-technical side of their profession.
What Can You Do?
In 2015, you can make a commitment to find out where your personal Emotional Intelligence scores are relative to other leaders.
If necessary, you can engage in coaching to improve your Emotional Intelligence, which in turn can increase your personal performance, your career growth prospects and your “Personal Stock Value”.