Winning Cyber Battles Without Fighting

In military operations, good leaders never make a move without the best available intelligence and a strong sense of situational awareness. To do otherwise is tantamount to flying blind, something a good pilot or business leader should avoid. Unfortunately, too many leaders of industry and commerce seem to be flying blind in today’s cyber domain. “The Cyber-readiness Reality Check,” an independent survey recently commissioned by my company, CounterTack, Inc., reveals that more than one-third of cyber security executives at companies with revenues greater than $100 million are unable to see an attack once it finds its way inside the perimeter of their systems. This lack of awareness may help to explain why only about half believe they’ve been targeted by advanced threats within the past year, despite industry data showing the number of these organizations under attack is much closer to 100%.

The problem is exacerbated when senior leadership defers to the IT department in all matters pertaining to information security. “That’s our CIO’s responsibility,” is a comment I often hear when speaking with senior and chief executives about cyber defense. This attitude is especially prevalent at financial services entities. While IT security departments certainly must bear responsibility, the executive leader at the top of any organization should understand and take ownership of the problem if security is to have a fighting chance of attaining the resources needed for effective self-defense.

Today’s advanced and evolving cyber challenges require a new approach and dedicated resources, but many organizations seemingly have yet to figure this out. Nearly half of survey respondents say they need a better-educated security team, with 44% indicating a lack of time or resources as the reason they don’t have one. Other survey data indicates cause for optimism but also some misguided enthusiasm.
According to survey responses, most organizations favor the idea of a military-style approach to cyber defense (emphasizing real-time intelligence gathering and situational awareness) – but more than half thought their companies would be well served by the ability to “strike back” against their attackers. In my …