Many businesses still think of cyber security as an IT function - it’s one of the most enduring myths we face in the industry. This is bad news. Cyber security is not just an IT problem: it is a business problem. Cyber security is risk, and risk is a business issue. Cyber is so much more than a collection of IT controls, yet it’s an uphill battle to get it seen as anything else.

Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.

The business risk of a cyber attack is never going away, as cyber criminals continue to develop more innovative ways to access your data. At the same time, organisations have increasing compliance burdens placed on them, such as ISO 27001, Cyber Essentials, and ad hoc information security requirements. This means businesses are under more pressure than ever to set a strong security strategy and, crucially, stick to it.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The CISO role has evolved in recent years. CISO’s don’t come just from technical and security backgrounds anymore. Each organization has their own distinct vision for how to solve their security needs whether they are customer, regulatory, or industry driven. I started out my career as an external auditor, with the goal of becoming a CFO.