Enterprise leadership is not only knowing how to lead, but when to follow.
Recent events have demonstrated that sometimes, to lead is to follow. Here are five key areas when following is the path to great leadership. 1. mobile security
The single richest target for mobile cyberattacks is the c-suite, according to a report from MobileIron called "Trouble at the Top" (and also according to common sense).
If targeted socially engineering attacks via email and SMS aimed at employees can be described as a "spear phishing attack" or "phishing attack," those targeting high-level executives is a "whaling" attack. As in a big-fat target.
Enterprise leadership is not only knowing how to lead, but when to follow.
Recent events have demonstrated that sometimes, to lead is to follow. Here are five key areas when following is the path to great leadership. 1. mobile security
The single richest target for mobile cyberattacks is the c-suite, according to a report from MobileIron called "Trouble at the Top" (and also according to common sense).
If targeted socially engineering attacks via email and SMS aimed at employees can be described as a "spear phishing attack" or "phishing attack," those targeting high-level executives is a "whaling" attack. As in a big-fat target.
Top executives tend to carry and have access to higher-value data. They also tend to have the most relaxed attitudes toward mobile security, according to MobileIron. Such executives find mobile security protocols frustrating, limiting and confusing.
Leadership and authority means that the c-suite has the power to ignore security protocols -- using unsupported devices and apps and skipping multi-factor authentication, to name just a few examples. But this is a mistake, and a common one.
Leadership doesn't confer expertise. It simple means that your own personal mobile security tools and practices need to be at least as strong as other employees, or you become the perfect target -- easier to hack and more profitable to breach.
So when it comes to tools, policies and practices for mobile devices, enterprise leaders need to follow the lead of security specialists in the company -- and show all employees that security systems are for all employees, no exceptions.
A few years ago, I was leading a brainstorming session among IT leaders and security specialists. One of the participants was the security lead for a major metropolitan court system. One of his first initiatives upon taking the position was to fix their almost non-existent password policy, which included requiring strong passwords.
One judge -- whose password for accessing the court system, including court records, was something like "password123" -- simply refused to use a strong password or even change his weak password for another weak password. He just didn't want to and flat-out refused.
Since no one overruled the Judge -- an exception was made so he could continue to use his easy-to-guess password (which he no doubt used elsewhere as well). This failure of leadership -- this unwillingness to follow -- exposed the community's legal system to a catastrophic privacy breach.
He did this because he was a bad judge -- or, at least, was a man capable of bad judgement -- and a weak leader.
Leadership in this case is to follow the password rules like everyone else.
Ok, you still need to lead and not follow on this one.
But it's time to take the recommendations of security specialists in your organization more seriously when they recommend security budgets.
Gartner says spending on information security may increase only 2.4% this year, down from previous projections of 8.7% (total 2020 security spending is expected to exceed $123 billion). Cloud security spending is expected to grow 33.3% this year.
