Cyber security calls for new management styles
- 09 October, 2017
- Amsterdam Security
Better prepared against cyber attacks? Start by changing your business culture and management approaches, say Inge Philips and Jelle Niemantsverdriet, cyber risk specialists of Deloitte.
Last year, Inge Philips left her prominent position in the Dutch Criminal Investigations Division (Landelijke Recherche) to become director of Cyber Risk Services at consulting firm Deloitte. This longtime specialist in counter terrorism and high tech crime was recently elected ICT Professional of 2017. Philips and her colleague Jelle Niemantsverdriet, who fulfills a similar role, will be the keynote speakers on the 31st of October at the Amsterdam Security Convention.
Jelle Niemantsverdriet answered a few questions on the upcoming keynote.
What will you talk about during the Convention?
"Inge and I want to explore how organizations and security teams can organize themselves to be more effective. Many companies are still structured in an old fashioned way. With management approaches that go back to the time of the conveyor belt. Managers line up all the people, give them tiny tasks and survey the output. There is strong hierarchy, a lot of red tape, no room for initiative…. Weirdly enough, this still applies to many organizations, whereas we need the exact opposite values to be strong and effective today."
How does this apply to cyber security?
"This especially concerns security management, in which we tend to build all these layers of defense that quickly become layers of excuse. People feel something is not really their responsibility. Or they do not want to interfere with the work of others, so they let it go. Measures may look great on paper, but in real life they fail. Cyber attackers are extremely quick and innovative. They take advantage of these strict and hierarchical business cultures. Managers should instead trust their people, let them be creative and give them room for improvisation and quick action."
That sounds like the exact opposite of a protocol?
"Precisely, and that is why this is an interesting topic to explore. Security often aims for an imaginary reality. We tick all the boxes and think we are safe. But this might not be the most effective way. I like the example of Netflix. Every month they cause chaos in their own systems, to train their security team to expect the unexpected. And that is exactly what we need: less protocol, more trust, more flexibility."
Does this call for board room engagement?
"In general security should less be seen as a separate responsibility of just a small group of people. Security is a key part of doing the right thing, of the quality of a company. Clients and partners rely on this more and more. This is why security must be felt and understood by all the teams in a company and this should be clearly advocated by the leadership. We need to integrate security from the beginning and make it part of all the processes and not just sprinkle it over afterwards, like Parmesan on pasta."
Inge Philips & Jelle Niemantsverdriet (Cyber Risk Services Deloitte) keynote on 31 October 2017, 10.00 hrs at Amsterdam Security Convention. Indepth-session 'What are your cyber risks?" by Jelle Niemantsverdriet on the same day at 13.00 hrs.
Do you want to visit Amsterdam Security Convention 31 October – 2 November? Register your visit now.
Preview? Check this video of the presentation 'Security is dead' by Jelle Niemantsverdriet at the DevON Summit 2017.