Need for leadership in cybersecurity

Things change – either through a crisis or leadership, with leadership being the best option of the two.

Jarno Limnéll, 05.04.2018

This includes digital security and its development, whether done as risk management or to strengthen your competitive edge.

Last year, Aalto University and the University of Jyväskylä completed a study for the Government, on the current status of, and weaknesses in, cybersecurity in Finland. One of the main conclusions of the study is that clarifying and strengthening leadership is a key issue in realizing Finland's cybersecurity vision. Similarly, the Implementation Programme for Finland's Cyber Security Strategy for 2017–2020 highlights the importance of leadership, in particular, in cybersecurity. The same emphasis is made by other Western digital security evaluations. Leadership and management are clearly a critical issue in modern, digital societies, just as they are in companies.

Clarifying and strengthening leadership is a key issue in realizing Finland's cybersecurity vision."

Technology is developing more rapidly and radically than at any other time in history, and the pace is accelerating. Everything that can be digitalized is being digitalized, and we are connecting everything to the Internet that we can. Working practices and business models are changing at the same time. During my recent participation in the World Government Summit, my international colleagues were certain that the human brain would be the next major target of digitalization. Little wonder, then, that the importance of digital security is growing – in an environment increasingly dominated by technology and digitalization. Digital security is already the lifeblood of both societies and businesses, given that every company is a digital company.

No wonder, then, that Finland is currently engaged in figuring out, in practice, how to organize the strategic management of digital security within our society. Companies are creating more and more executive positions in cyber expertise. Digital security is regarded as an indispensable, strategic issue, which requires strong leadership.

Strengthening cooperation networks is a necessity when managing digital security."

Due to the complexity and speed of change in the business environment, management of digital security requires extensive know-how and willingness to engage in continuous self-development. You need to be able to continuously evaluate the threat environment and factors, as well as your own vulnerabilities. Strengthening cooperation networks is a necessity when managing digital security. So too is the clear definition of digital security goals. There is a need to understand different security technologies, in addition to means of responding to information warfare. On the other hand, communication and resilience are becoming increasingly important areas of digital security. In essence, because security is a strongly cultural issue, this involves creating the right kind of digital security culture for your own organization. This emphasizes practices based on a culture of accountability, as well as having the right attitude, at all levels of an organization. Digital security affects everyone.

Recent studies have prompted me to consider what the key issue is, in terms of digital security and security in general. We should ask “how can we strengthen trust?” rather than "how can we strengthen security?" In principle, digital security is a question of trust – its preservation and consolidation. Security and trust go hand in hand. Trust is manifested as a strong value for both societies and businesses.

We should ask “how can we strengthen trust?” rather than "how can we strengthen security?""

It should also be stressed that digital security is not distinct from "other security." It is becoming increasingly important to take a comprehensive approach to security. Let me cite an example. In January each year, I carefully read the risk assessment of the World Economic Forum for the coming year. This year's report is particularly interesting.

The report estimates that, this year, the world is most likely to be threatened by various natural phenomena and catastrophes, cyber attacks, and data hacking with the associated data leaks. These occupy the top five places on the list of threats. The importance of cyber threats has clearly increased, compared to reports from previous years. The report states that growing technological dependence will be a key threat to the world economy over the next 12 months.

When reading this year's report by the Economic Forum, the reader’s attention is drawn to greater mutual interaction between threats, rather than individual threats. In sum, we need a growing understanding of security as a whole, rather than only the emergence of individual threats. The report draws particular and important attention to just this "weakness in assessing the complexity of threats". We should also highlight the importance of evaluating a range of factors when assessing our own security. Security should be assessed and implemented as a whole, and leadership is an indispensable success factor in this.

Jarno Limnéll is Professor of Cybersecurity at Aalto University with more than 20 years’ experience in the field of security. He is an instructor in various programs by Aalto EE and Aalto PRO including Diploma in Digital Security and Diploma in Safety and Security Management.

Currently reading: Aalto Leaders' Insight: Need for leadership in cybersecurity