Today, when businesses find themselves entrenched in unending cyber conflict and threats lurk in every corner, Sun Tzu’s admonition to know thy enemy and know thyself is prophetic. Despite years of effort and investment, hackers continue to gain ground, even as business leaders who invested in advanced technologies look to IT for answers while stubbornly clinging to the misconception that IT alone is responsible for security.
Traditionally, executives placed the Chief Information Security Officer (CISO) within the IT department, where they focused primarily on managing cybersecurity threats with technical measures — a vulnerability in itself. To know thyself is to know that this approach is inadequate and treats cybersecurity as a series of isolated skirmishes rather than an all-out war that demands a comprehensive strategy.
Placing the CISO in an IT silo is akin to fighting with one hand tied behind the back, with little knowledge not only of the enemy, a foe that is sophisticated and determined, but also of one’s own colleagues and defenses. To be effective, the CISO must, like a battlefield officer, work with keen intelligence about the organization on hand and with the support of its C-suite. Just as in war, where adaptability is key, businesses must adapt their approach to leadership in order to effectively repel attacks that will only grow more complex.