Excerpt from GARP.org
The fast-changing threat landscape requires a data-centric paradigm shift
By David X Martin
Corporate cultures do not change quickly – they migrate. Most organizational development experts offer the same recipe for culture change: (1) pick the right leadership, (2) recognize and reward the behaviors you want to encourage, (3) communicate clear values, and (4) provide extensive training.
But this recipe won’t work for the ever-evolving, shape-shifting, constantly moving target that is cybersecurity. Most employees aren’t interested in their own digital security, much less their company’s. Therefore, changing a company’s culture to strengthen security is especially difficult – requiring a paradigm shift in order to keep pace with the threat landscape.
Most people think of security as the protection of a company’s digital environment – a virtual hardened shell, protected by security guarding the company’s networks, servers, and applications. The problem with this paradigm is that when you focus on the environment, the security employed becomes an end in itself and is not directly related to the data it’s trying to protect.