The new asset of Cyber ​​Security after the general alarm

2 June 2020

The Covid-19 pandemic inevitably also affected companies that responded promptly by adapting to carry out their activities remotely. However, what cannot be “controlled” is the human factor and in this climate of uncertainty there is an exponential increase in the risk of cybercrime and a key role plays the cybersecurity expert. How should it act to guarantee safety in this historical period?

We talked about it with Michele Colajanni, Scientific Director of the Open Program in Cyber Security Management.

The pandemic is severely testing corporate resilience far beyond the cyber attack-related problems that have characterized our region in the past 18 months. On the other hand, in a context in which all, but indeed all business processes are based on IT services and digital information, requests for adequate security measures should come strongly from top management, not from promotional actions by the vendors or from requests from IT, which for years has been living in a state of frustrated awareness.

Despite decades of training and information activities, increasingly alarming reports also from the World Economic Forum, only after a cyber attack, the majority of top managers acquire adequate awareness of how financial, manufacturing, logistics, customer and supplier relationship processes depend on the perfect functioning of IT services and the network, and availability of digital information.

We too have made mistakes and, unfortunately, having understood it many years ago was not enough to change the beliefs and behaviors of non-experts. IT security was born in IT, but it was wrong to let IT manage it for many years for two reasons: controlled and the controller cannot belong to the same department; we reinforced the mistaken belief that cybersecurity could be solved through exclusively technological solutions.

Bologna Business School is providing for this industrious repentance. It has been three years since he activated the specialization course in Cyber Security Management.

The training objective is a small Copernican revolution: it starts from the priority needs of the business to determine which are the best procedural and technological solutions for each organization. Because there are no standard solutions, but only sartorial ones, therefore demanding especially from policies (determining “who can do what” is already a complex objective), of behaviors and of the methods and means to enforce them, including technologies. Never the other way round, with technology at the center of the universe.

Not all companies will be able to afford a position as Chief Information Security Officer, but I’m ready to bet that all companies will need a role that knows how to think primarily about cyber threats and how to minimize corporate vulnerabilities that include services and networks, but also managers, employees, suppliers and consultants.

The period we are living in will clarify and speed up this need, and only together will we make it.

Author: Michele Colajanni