Measuring Risk and Clear Communication: Step 4 for TruRisk™
In the ever-evolving digital landscape, effective cybersecurity is not just about technology and talent, but also about organization, communication, and strategy. This lesson was vividly illustrated by the NotPetya attack of 2017, which affected a global shipping and logistics company despite its strong tools and sound practices. The attack exposed a critical weakness: collapsed communication and coordination.
Winston Churchill, in his wisdom, highlighted the importance of effective organization in achieving success in any struggle, whether in war or peace. This sentiment resonates deeply in the realm of cybersecurity. Lack of structure can cause even the strongest plans to collapse under pressure.
To address this challenge, modern cybersecurity teams can leverage established frameworks such as NIST 800-37 Rev. 2 and 800-39. These frameworks offer a proven playbook for maturing security posture and turning intelligence into prioritized action.
NIST 800-37 Rev. 2 lays out the Risk Management Framework (RMF), a repeatable process for selecting, implementing, assessing, and continuously monitoring security controls. NIST 800-39, by contrast, focuses on organization-wide risk management: aligning cybersecurity with mission objectives, assigning clear ownership, and embedding risk directly into business decision-making.
One of the key principles from NIST 800-37 Rev. 2 is cybersecurity as a business function, emphasizing the need for a structured link between technical action and business needs. This principle was echoed in the aftermath of the NotPetya attack, where the affected company began mapping and building foundational systems, rewriting Business Continuity and Disaster Recovery plans, creating and validating asset inventories, and integrating risk-based decision-making into every critical function.
Success in cybersecurity also relies on factors such as information, available resources, and clear mission priorities. With tools like Qualys Enterprise TruRisk™ Management (ETM), organizations operate from a single source of truth, measuring, communicating, and acting on risk confidently across teams. ETM enables customized Business Entity creation, assignment of risk tolerance, and tracking of exposure.
Enterprise TruRisk™ Management provides cockpit-level visibility into risk, with search tokens, dynamic report tools, and automated continuous-monitoring response rules. This level of transparency and automation is crucial in a digital world where adversaries move fast, automate, and strike where defenses are weakest.
The art of leadership in cybersecurity is often associated with effective communication, as stated by James Humes, a former Presidential speechwriter and author. The Dowding System, used during World War II, is a prime example of this. This system brought order to mountains of intelligence and data, enabling maximum impact of limited resources by integrating radar, ground observers, and command centers into a live operational picture.
The Dowding System enabled rapid identification, vectoring of fighter squadrons, and centralized decision-making under pressure, giving Britain an edge during the war. In the same vein, the structure to improve communication and coordination in the cybersecurity department, first developed and implemented by Maersk after the NotPetya attack, has proven to be a game-changer in the modern digital battlefield.
In conclusion, the tactics of effective cybersecurity leadership rely on continuous improvement, clarity, structure, and agility. By applying these principles and leveraging established frameworks, cybersecurity teams can build resilient systems that translate information into swift, confident action, ensuring success in the face of any struggle, whether in war or peace.