Why Cybersecurity Requires Process Engineering

Surviving Armageddon

For those of us who follow cybersecurity trends, we are in a time period of struggle and angst. I don’t remember it being quite so grim before. Where ever you get your information, even if you don’t work in cybersecurity, the feed is full of stuff going wrong. Do you see what I’m seeing?

• Increased volumes of attacks, not just ransomware, but general data theft and other mischief, that are impacting multiple organizations simultaneously
• Attacks that have severe consequences — loss of life, business-killers, critical infrastructure impact
• More government regulations — mostly quite sensible, but landing on organizations without the means to comply
• Cybersecurity layoffs — at a time when companies need security more than ever, heads are rolling in the name of efficiency not risk management — a bill that will come due whether the security teams are there to support them, or not
• New company liabilities that land directly on the Chief Information Security Officer — who often lacks the liability protections of other c-suite members

This isn’t just the warning shot across the bow, it feels like we are in a full-on war. Between attackers and defenders, regulators and companies, security…