Cybersecurity Awareness Is ‘Understanding That Breaches Will Very Likely Happen’

Julie Butterfield October 31, 2022

In 2004, as threats to technology were becoming more and more common, President George W. Bush and Congress declared October Cybersecurity Awareness Month, with the goal of helping people protect themselves online. To cap off Cybersecurity Awareness Month 18 years later, we spoke with 360 Advanced Practice Director John Kadechka about the history of cybersecurity and what it means to be “cybersecurity aware.”

How long have you been in this field—what drew you to it?
I’ve been in this field for 17 years. Coming out of college, I was interested in being a traditional financial auditor but also had a passion for technology. This led me to the blended field back then of being an IT auditor. It quickly became apparent to me that the audits were becoming more and more reliant on technology and the IT auditor was playing a more prominent role. I then began to focus more on technology and what was becoming the cybersecurity field and less on the debits and credits side of the financial audit.

Cybersecurity is now a household term—what is the history of it?
With the adoption of computers, networks, the internet, cloud, etc., there were increasingly more and more risks that were being created overnight with hackers continuously getting more creative with their various techniques. These cyber threats have quickly climbed to the top of the list of concerns for companies, boards, CEOs, and every individual who has digital data out of their direct control. Cybersecurity has been a household term for quite a while; however, additional terms such as ransomware, phishing, etc. are now becoming household terms, too.

What changes in cybersecurity have you seen since you started working in this field?
Early on in my career, there was no such title as a CISO (Chief Information Security Officer). The role was created; however, it still didn’t live up to the true Chief title, as quite often the CISO still reported to the CIO (Chief Information Officer). As cybersecurity became more important and the risk of a cyber breach had more direct impacts to a company’s operations, the CISO role also became more important, and we saw a dotted line to the CEO—and then becoming a direct CEO report. The CISO was also required to take on more responsibility and accountability by reporting to the board of directors, audit committee and, in some cases, reporting on shareholder quarterly calls.

What does it mean to be cybersecurity aware?
To be cybersecurity aware means building a strong cybersecurity posture while focusing less on prior cyber incidents. It means being agile enough to respond to new and unpredictable cyber threats. Also, being aware is understanding that breaches will very likely happen. A business should not operate under the assumption that a cyber breach will never occur. Instead, focus on ensuring your business is prepared to respond quickly and communicate as needed to your stakeholders.

What is the top reason to adopt strong cybersecurity measures?
It comes down to one word, with this word being something that is difficult to establish, build and then foster, yet incredibly hard to rebuild if you lose it. The word is trust. Every business out there needs to develop trust with their many stakeholders, including clients, employees, vendors, and so on. Businesses do not want to experience the arduous process of attempting to rebuild trust and salvaging key stakeholder relationships.

What if cybersecurity seems too expensive?
Quantify the impacts of losing trust. Then relook at your business priorities. Ensure that adopting appropriate cybersecurity measures is at the top of that list.

What do you see for the future of cybersecurity?
Hackers will continue to find new exploits. Governments will increase regulations. And more technology players will offer real-time, automated cybersecurity threat prevention. And if cybersecurity risk isn’t already at the top of the list for businesses, it will be.

What makes 360 Advanced different in helping businesses protect against cyber threats?
We do not use a “one cyber risk program fits all” methodology with our cybersecurity and compliance services. Instead, we implement a unique approach for each and every client and engagement we perform. Our mission is Making Better Businesses, and one of the ways we do that is by having real and in-depth conversations with clients to identify tailored solutions that work best for their current environment—and one that is scalable so they can meet future business goals.