By Jean-Christophe Le Toquin, President
CyAN is not quite 2 years old, but since we established the association in 2015, the world has changed more than many people – including me – thought it would, and not necessarily in the anticipated or desired direction. Many may not like where the world is going, but the good thing is that today we have much better visibility into what might happen in the future. We can now better prepare ourselves, identify threats, anticipate events and provide our responses accordingly.
Here are a few notes on how CyAN will contribute in 2017 and beyond
Our initial vision was that cybersecurity would not make significant progress until our society does two things:
- develop a cross-disciplinary approach and
- be inclusive of different opinions, those of both young and older people, and be inclusive of expertise from all regions of the world, regardless of gender, ethnicity, etc.
With regard to the first objective, we have been successful beyond our expectations: proliferating at the speed of the internet, the idea that organisations must develop cooperation among teams and make them work on a project- by- project basis has become very common. Most organisations of significant size will now claim they are working in a cross-disciplinary way. Doing so is much easier said than done, but we are confident that with persistence, in 10 to 15 years the work culture of many organizations will have significantly changed for the better. CyAN will continue to promote the importance of cross-disciplinary approaches, which are now mainly a question of hard work and proper implementation – see below for more details.
With regard to the second objective, the picture has changed dramatically. Two years ago, promoting diversity and openness to others were already mainstream ideas in most fields; however, they were not so prevalent in the field of cybersecurity and in the fight against cybercrime, which are relatively new disciplines. Many cyber experts tend to be proud of their knowledge and keen to differentiate themselves from ordinary and less informed users of technology (including those in their top management). Therefore, we thought CyAN would be helpful in reconnecting cybersecurity with the concept of diversity, but today the reality is that diversity is no longer a new concept and is widely practiced. To stay focused on cybersecurity, a number of organisations in this field restrict membership to certain trusted nationals from specific countries. So far, CyAN does not select its members based on their nationality and does not have any intention to change its policy. However, organizational makeup and membership may increasingly become strong differentiators as the world continues to evolve.
Now that we know that our world will go through a phase which will be more cross-disciplinary but perhaps not as inclusive as we would like , for probably the next 5-10 years at least, what’s the next challenge for us on a practical level?
Our newly elected board has adopted a three-pillar action plan :
- First, for the public sector, we have noticed that international institutions and governments struggle to find experts for activities/projects on cybersecurity and the fight against cybercrime. The problem is both on the client and the provider side.
- CyAN will collect and share information on Requests for Proposals (RFPs), Terms of Reference and other Calls for Experts released by governments around the world and will enhance dissemination of information. If more experts can avail themselves of more opportunities, governments will have greater choices and CyAN will have furthered the goal of global cooperation while giving our members greater opportunities.
- Second, for the private sector, the company board of directors is the place where cybersecurity strategies can be best discussed and receive top-down support. Boards become more interested as cyberattacks make the headlines almost on a weekly basis, however, our challenge is in getting them to understand that a cybersecurity strategy is not only about bits and events—it requires a more comprehensive approach. The lack of understanding and technical nature of the topic creates a barrier that is hard to overcome by both board members and the cyber experts themselves. In addition, the rapidly changing nature of the cyber threat requires constant attention to the topic.
- CyAN will develop an approach to sensitize company boards on cybersecurity and the fight against cybercrime. If more cyber experts can feel confident that they are able to talk to board members who should be receptive, with the right approach consistent with international practices, then companies will be more confident to address cybersecurity at the board level.
- Last, for everybody, cybersecurity should not only be discussed and promoted in many of the successful forums and events organised by and for cybersecurity experts, but it must also be part of the digital agenda and day- to- day reality.
- CyAN will partner with an international digital event to take place later in 2017, with the purpose of reconnecting cybersecurity with the other dimensions of our digital world.
We are fully aware that this action plan is ambitious and will require time to be fully operational and impactful; but the same is true of anything which is necessary and meaningful.
The world has become more predictable, let’s all work together to take advantage of what we know to start responding now.