Aerial city night traffic

Four factors to shift your cybersecurity mindset

Related topics

Digital transformation can expose organizations to greater cyber threats, but hiring people with diverse mindsets can help rethink risk.

When the SolarWinds breach and Colonial Pipeline ransomware attacks made headlines for weeks in 2021, many enterprise leaders turned to evaluate their own organization’s cybersecurity efforts. While a majority of businesses have increased investments in cyber over the past 15 years, making a safer enterprise is not just about adding dollars — it’s about a mindset shift.

Cybersecurity is more than a technical problem, says Shawn Henry, President of Services and Chief Security Officer at CrowdStrike: “Cyber needs to be addressed as an enterprise business risk by every organization; it’s got to be front and center.”

Digital transformation means more risk

As organizations undertake digital transformation and adopt more and more technologies, such as the cloud or the internet of things, they expose themselves to much greater risk. “There’s a balance between security and convenience; you can’t have both 100%,” Henry says.

Threat actors have different goals

Organized crime groups target organizations from a financial perspective, whereas nation-states, which are well-sourced and well-funded, primarily conduct electronic espionage. So-called “hacktivist” groups target entities based on their social or political agenda. The toughest to defend against are insiders, who pose a high risk due to their knowledge of the organization.

Practical steps have big benefits

When was the last time your organization conducted a cybersecurity drill? Many businesses perform them either very infrequently or not at all. Drills are relatively inexpensive to do, and always less expensive and less time-consuming than a breach. It doesn’t pay to ignore them.

“I think the cyber threat is a lot like the five stages of grief,” says Jason Bliss, Executive Vice President, Chief Administrative Officer at SolarWinds. “Everybody goes through denial, anger, bargaining, and no one can get to acceptance. And so there’s a lot of bargaining going on right now.”

Cybersecurity talent needs diversity

Cybersecurity hires have been very much a monoculture — not just in terms of gender and race, but also in mindset. As cybersecurity professionals take on business roles that require lateral, expansive thinking, organizations need to broaden what they look for. It’s a good idea to bring in people with diverse thinking and different backgrounds, and to look beyond technical certifications.

Global business leaders on shaping a green future

Leading executives and entrepreneurs share how they are rising to meet stakeholder expectations for sustainability


Securing an enterprise against cyber risk requires more than increased investment, according to attendees at a recent EY workshop. Understanding the risks of digital technologies and the goals of hackers, alongside practical drills and diverse hiring, can make a difference.

About this article