You may not recognize a SQL Injection attack from a Distributed Denial of Service problem or a Point of Sale breach. You may have no detailed understanding of the inner workings of your IT infrastructure that was started 30 years ago and has evolved under leadership that has averaged 4 years in tenure. It is unlikely that you’re going to start studying for the myriad of certifications that have evolved in the years past. While you may not understand, you as a business leader (board, CEO, C-Suite exec) are responsible for the survival and ongoing health or your organization.
Like many complex problems you face in your organization, you need to take a strategic approach to the planning and execution of your cyber threat defenses. Hiring the right technical people with appropriate background checks is a good first start. Working with your team and outsiders as validators to craft, hone, exercise and prepare your overall strategy is another step that should be familiar as a business process. Risk assessment and budgeting, insurance, contingent contracting and other supporting business elements will make the technical team understand their mission more, and eliminate some of the friction that arises when there are disjointed activities. Senior management also needs to work with the entire organization to build a cyber-aware culture that practices basic cyber hygiene tasks daily.
With coordinated efforts between organizational leadership and tactical personnel that are working hard every day to eliminate and mitigate evolving threats, your organization is more likely to prevent attacks, and to be trained and prepared for an attack.