Organizations now rely on computers for their data processing and the execution of core business functions. Therefore, they cannot operate optimally without addressing the issue of the security of their systems. The goal is to ensure full-time availability of services to customers. However, cyber insecurity compromises systems to the extent of leading to the unavailability or low quality services. Hence, cyber insecurity compromises the integrity of organizations or countries’ communications and information systems. It greatly interrupts the normal operations of nations’ security infrastructure and production systems. Cybersecurity threats are predominantly spread via the Internet and computers. Such threats involve electronic wars. Cybersecurity issues take different forms, including sabotage and espionage. Considering that leaders act as vision carriers for their organizations (Schiuma, Carlucci, & Lerro, 2012), they are expected to have clear, concise, and executable plans for dealing with cyber insecurity to guarantee long-term availability of services and production equipment. In addition to discussing the issue of cybersecurity as one of the top five leadership challenges, this paper explains how I as a leader would handle the matter in today’s business environment.
Cybersecurity as a Leadership Challenge
One of the key concerns of leadership is to induce a change that can guarantee remarkable organizational performance and competitive advantage (Bain, Walker, & Chan, 2011; Vithessonthi & Thoumrungroje, 2011). Leaders ensure successful organizational change through a “process of social influence, which a person can enlist the aid and support of others in the accomplishment of a common task” (Allio, 2013, p. 9). This process involves guiding by directing and controlling others to achieve a common goal (Rickards, 2015). A goal may involve the attainment of some degree of success within a stipulated period or upon the successful adoption of a prescribed change. Leadership development and implementation of policies for enhancing cybersecurity have a bearing on change because leaders are vision carriers of the desired situation, which entails ensuring that key organizational structures remain secure from cyberattacks
Enhancing cybersecurity has been a demanding task for leaders. A major challenge stems from the fact that any strategy for dealing with cyber insecurity requires the adoption of a defensive approach. Consequently, a leader can only initiate defensive strategies by blocking potential enemies to an organization’s information systems. This approach is challenging because ill-motivated individuals may successfully compromise organizations’ systems. For example, although many nations have adopted changes that seek to ensure that all information systems are secure, attacks still occur. For instance, in 2012, different media platforms reported allegations for India’s involvement in hacking one of the United States’ commissions systems of e-mail communication (Saksena, 2014). The communication structure principally dealt with security and economic relations between China and the U.S. Reports indicated that an Indian government’s detective hackers succeeded in placing a cyber spying military intelligence document on the Internet. According to Saksena (2014), this file discussed mechanisms for targeting China-U.S. communications processes.
The success of leaders’ cybersecurity strategies requires them to understand mechanisms through which attacks can be launched on an organization’s information systems. Hennig (2018) supports this position by observing the way enemies deploy different strategies to target an organization’s information systems, which can take the form of incapacitation or surveillance. However, Hennig (2018) presents cyber insecurity as a “politically motivated hacking to conduct sabotage and espionage” (p. 3). In the process of creating cyber insecurity, the enemy strains to destroy the effectiveness of information flow in the targeted systems. Consequently, efficient leadership in the development of cybersecurity strategies requires leaders to ensure the full-time accessibility of an organization’s information systems.
Despite the adoption of different strategies for addressing problems of cyber insecurity, technological changes open new loopholes, which enemies can effectively utilize to launch attacks. Leaders have always struggled to address cybersecurity issues brought about by technological advancements. According to Hennig (2018), the ever-increasing technological sophistication and improved ways of interaction between different parties in an online environment increase cybersecurity threats. Due to this fear, organizations’ leaders have had trouble in ensuring that their organizations remain aware of cybersecurity risks. For example, some organizations run cyber war drills and games on a regular basis. This strategy helps them to be prepared for electronic attacks from their adversaries. As Knapp, Maurer, and Plachkinova (2017) assert, the rising international dependence on technology in facilitating the operations of almost all industries has subjected countries and organizations to cyber war. For instance, computers are employed to spread propaganda, vandalism, and espionage among other things that damage the image of various organizations.
Upon using service denial as a mechanism for spreading cyberattacks, enemies shut down companies’ websites with the objective of silencing the target. Cyberattacks distract an organization’s operations by for attacking infrastructural installations and vital equipment (Knapp et al., 2017). Such attacks challenge leaders, especially in organizations that depend largely on electronically controlled systems in the production or delivery of services and goods. Nevertheless, leaders have had to strive to develop strategies for dealing with such insecurity issues.
Through espionage, enemies acquire companies’ secrets, especially classified information related to competitors, rivals, and individuals. Cybercriminals engage in this vice with the objective of compromising the integrity of organizational systems. They exploit the Internet illegally to threaten software and even networks operated by a given organization. Through intelligence, confidential details that are not managed securely may be interrupted and even customized, thus paving the way for espionage (Knapp et al., 2017). Any attempt by a leader to address proactively this problem encounters different challenges. For example, the legal interpretation of the crime in many jurisdictions compromises initiatives for addressing it. In fact, in the U.S., a major concern entails determining whether commercial espionage should be viewed as a breach of national security or a crime involving the contravention of intellectual property (IP). Leaders have experienced challenges when trying to fight enemies who engage in sabotage, which involves intentional disruption of operations relying on satellite communications. The challenge is worse when such disruptions are done on computerized information transmission systems. The main strategy for acerbating sabotage involves intercepting communications frameworks. Successful sabotage cyber insecurity leads to total disruption of order due to their possible replacement with wrong signals (Knapp et al., 2017).
The Extent of the Problem of Cybersecurity in Organizations
The increased need for the interconnectedness of various devices through the Internet compels organizations to move away from traditional information technology infrastructure. Indeed, cybersecurity is a threat to not only an organization’s infrastructure but also its processes and products, including those that have already been released to the market. Hence, it presents challenges to products throughout their lifecycles. Cybersecurity threatens customers’ privacy. Therefore, it constitutes a persistent issue in organizations that deal with products and services. The impact of cybersecurity threats escalates in a dramatic fashion following the connection of devices and appliances within an organization to the Internet. In fact, according to Knapp et al. (2017), corporate networks consist of hundreds of thousands of endpoints, which have little or no security. This situation complicates the security environment that leaders are expected to manage. However, leaders who successfully establish strong cybersecurity policies acquire an added advantage by building strong customer loyalties.
Kendall and William (2018) discuss the significance of product interconnectedness through an online environment coupled with organizational preparedness to deal with arising security issues. After examining data from a survey of 400 managers drawn from the UK, Japan, Germany, and the U.S., the study’s results indicated an overwhelming gap in different levels of insecurity preparedness and the prioritization of cybersecurity issues. For instance, from Kendall and William’s (2018) findings, 75% of all surveyed managers noted that the connection of devices to the Internet was not only important but also very vital, although this relevance increased with time. However, only 16% of them claimed that their organizations were developing or had well-established preparedness strategies for dealing with any arising challenges, including cyber insecurity. However, these authors link leadership to the low preparedness, especially when leaders fail to allocate sufficient financial resources to deal with cybersecurity issues. Organizations’ leaders have been challenged when it comes to protecting, preventing, detecting, and reacting to cybersecurity matters. This situation calls for leaders to develop policies to ensure that they respond effectively to cyber threats.
Considering various threats posed by cybersecurity such as espionage and sabotages, a question arises on why many organizations have not yet developed frameworks that can help to address such risks. Responding to this issue, Trottman-Adewumi, Kelley, Smuglin, and Markovich (2017) demonstrate the extent of laxity linked to leadership as observed through poor prioritization of agendas, the lack of precise responsibilities, the inadequacy of technical skills, and poor standards. These primary reasons reveal why many organizations have failed to focus on cyber safety risks. In addition, organizational leaders have failed to adopt current strategies or policy directives that trigger resource allocations to deal with cybersecurity issues. Poor discharging of roles regarding cybersecurity matters has created loopholes in the establishment of holistic tactics and approaches for addressing this menace. Consequently, it is critical for leaders to allocate tasks to individuals or departments, which, in turn, become answerable for the development and execution of cybersecurity guidelines that can help to detect and protect organizational infrastructure and products from threats and attacks.
How I can Handle the Challenge of Cybersecurity in Today’s Business Environment
Billions of devices that have now been interconnected through the Internet, increase organizations’ vulnerability to cybersecurity threats. Therefore, the amplified digitization requires me as a leader to not only develop but also encourage the growth of cybersecurity skills within organizations. Indeed, when almost every gadget used in any industry has been interconnected to various applications in an online environment, cybersecurity becomes even more apparent to companies, especially those that strive to protect their intellectual rights. One of the activities I can engage in to deal with cybersecurity entails capacity building to reduce organizations’ exposure to cyber threats while at the same time undertaking their online-based agendas. As a leader, I need to ensure that interactions taking place through the Internet are restricted to topics that are of significance to organizations.
Trottman-Adewumi et al. (2017) argue that information technology gives organizations a huge potential, which they can deploy to enhance their growth in terms of performance and profitability. It also provides room for services and product improvements through the increased efficiency associated with the application of sensors and actuators that boost automated operations via computerized systems. However, such systems remain prone to cyberattacks such as sabotage, which can target individuals. As Knapp et al. (2017) reveal, “Security breaches have already gone beyond stolen credit card numbers to potential targets that include the electric power grid, trains, or the stock market” (p. 110). For example, people who have invested in stock markets are likely to suffer financial harms in case systems for managing their investments are attacked electronically. In the organizational sphere, sabotage may stop industrial operations, especially in companies whose production is facilitated by through computerized systems. For example, a virus such as Stuxnet can infiltrate microcontrollers. It can then spread to different plants to the extent of interrupting all Internet-facilitated activities. As a leader who is aware of the damage done to organizational equipment and information systems, I can establish effective strategies for dealing with sabotage.
The lack of accountability associated with leaders is one of the reasons why many organizations are reluctant to develop and implement cyber safety policies. In dealing with the problem of espionage and sabotage, I need to campaign for the establishment of clear roles and responsibilities. Hennig (2018) supports this action by noting that no one player in an industry can succeed when working alone to develop efficient cybersecurity strategies. Major controversies have been cited regarding whether manufacturers or suppliers should take the lead. With this debate remaining unresolved, challenges also arise internally within organizations, especially when determining units that should specifically deal with cybersecurity issues. For example, production and customer services departments coupled with product development units may claim that the responsibility falls within the shoulders of the information technology security division. While noting that plant managers may have inadequate expertise in cybersecurity, I as a leader should encourage leadership by example to demonstrate that cybersecurity is a corporate issue that requires the attention and response from all organizational units. To bridge the gap in expertise observed among different organizational units, I can encourage the recruitment of people with technical cybersecurity skills who can then share the knowledge within the organization.
As a leader, I can implement various mechanisms for dealing with cyberattacks such as firewalls, invasion detection, and intrusion prevention systems. Firewall structures should be capable of detecting any potential cyber insecurity threats such as malicious malware. Firewalls discover threats as they enter into a system. Hence, they only block dangerous incoming traffic. Intrusion detection structures (IDSs) deploy reflexive ways to analyze data packets that go through the system without blocking them. They follow various rules that help them to identify any potential attacks. Upon detecting attacks, IDSs alert system administrators about the potential threat. However, they do not respond to attacks. Another potential strategy that I can execute involves the use of Intrusion Prevention System (IPS), which works on IDS constructs. It prevents malicious traffic and malware that are intended to attack organizations’ information systems. This structure shuts off all attempted attacks that are discovered flowing through the network. It can terminate connections in a network by blocking the enemy from having accessibility to the target user’s account.
As a leader, in addition to implementing firewalls, IDS, and IPS, I can also focus on five other important areas. First, I need to understand what cybersecurity means within the scope of my industry of operation, including how it affects an organization’s business model. Indeed, being more attentive to security issues implies an organizational change whereby a new culture has to be developed. In this case, all workers and stakeholders have to be informed about various security measures as a way of ensuring that they can report any suspicious operations in time. Consequently, as a leader, I need to be prepared to face challenges associated with this change of culture. In line with Vithessonthi and Thoumrungroje’s (2011) perspectives, people within an organization generally resist change, especially where there is an alteration of individual responsibilities or an addition of new ones.
In the context of enhancing cybersecurity, change involves creating its awareness among all stakeholders and taking individual responsibility to enhance security levels for organizational information systems coupled with production structures. However, such security measures should not entail complicated cyberwarfare defenses that attract a premium price from customers. Cybersecurity issues need to fit within an organizational business model whereby the prevailing framework can be used to accurately determine where a threat is positioned within the whole value chain. Indeed, as a leader, I need to ensure that employees and other interested parties are aware of major issues that make organizational systems vulnerable to cyberattacks. For example, being conscious of various scenarios of cyberattacks enhances their capacity to comprehend the underlying motivation for such intrusions. This understanding forms an important foundation for formulating strategies, which can then lead to budgetary allocation to address all threats to cybersecurity.
Secondly, I need to establish collaboration with different players in the cybersecurity defense industry. Cybersecurity threats cut across all organizations. Therefore, it not only influences the performance of an individual organization but also others across the business divide. This strategy calls for leaders like me to take proactive roles in establishing security standards that are applicable to not only one organization but also others. Such measures should match the security demands of other similar companies. As such, achieving this goal requires me to steer appropriate conversations with all industry stakeholders. For example, a leader in the banking industry should establish linkages with rival financial institutions to identify areas of mutual interest whereby issues that make the entire industry vulnerable to cybersecurity threats are addressed collaboratively.
Thirdly, it is crucial for me to prioritize the issue of cybersecurity as an important aspect in products and services lifecycle. In particular, I can establish mechanisms for monitoring the flow or exchange of information regarding production and service delivery processes. This strategy aims at protecting companies from cyber threats. For instance, I can lead my organization in developing security patches that can be updated through over-the-air capabilities (Kendall & William, 2018). However, such mechanisms for providing cybersecurity to a particular product’s entire lifecycle call for technological changes coupled with adopting a necessary organizational change framework. Indeed, it is important to create new organizational roles that foster the systematic integration of cybersecurity into an organization’s processes, products, and services.
Fourthly, as a leader, I can establish rigorous strategies for altering employees’ skills coupled with mindsets. The institutionalization of notions of cyber vulnerability awareness begins with the top organizational management. Consequently, I can operate as a mentor and a role model for embracing security behaviors with a view to instilling this culture in all employees. One way of realizing this goal involves rewarding workers for identifying loopholes or weak spots in an organization’s security systems instead of punishing them. In addition, I can enhance cyber protection behaviors by steering the process of recruiting employees who have some specific skills and knowledge regarding cybersecurity as the standard for an employment criterion. This strategy is founded on the understanding that creating the awareness of cybersecurity threats and embracing safety behaviors may further be enhanced through security specific training and development programs.
Lastly, it is crucial for leaders like me to create points of contact between security systems and external researchers who are well equipped with this subject. This approach helps in the development and implementation of post-breach plans for risk responses in line with the latest research findings. Perhaps, fallout from an effective response produces more damaging effects compared to an incident of cyberattack. Therefore, cybersecurity needs to be understood as an important constituent of a business continuity plan coupled with disaster recovery strategies. For example, in case of attacks from potential threats, I as a leader should create practical communication strategies that transparently, effectively, and appropriately help regulators, customers, and even investors to develop disaster awareness.
Conclusion
The increased Internet connectivity between an organization’s systems has created avenues for the spread of cybersecurity threats. This situation has been made worse through companies’ overreliance on sensors and actuators interconnected with computer systems. Leaders have the responsibility to develop policies and strategies for enhancing cybersecurity. They also need to influence and mentor employees with a view to adopting and embracing cybersecurity behaviors within organizations. As revealed in this paper, addressing the leadership challenge of cybersecurity requires collaboration among all organizational stakeholders.
References
Allio, R. (2013). Leaders and leadership – Many theories, but what advice is reliable? Strategy & Leadership, 41(1), 4-14.
Bain, A., Walker, A., & Chan, A. (2011). Self-organization and capacity building: Sustaining the change. Journal of Educational Administration, 49(60), 701-719.
Hennig, N. (2018). Privacy and security online: Best practices for cybersecurity. Library Technology Reports, 54(3), 1-37.
Kendall, K., & William, E. (2018). Including cybersecuirty in the contract mix. Defense AT&L, 47(2), 21-25.
Knapp, K., Maurer, C., & Plachkinova, M. (2017). Maintaining a cybersecurity curriculum: Professional certifications as valuable guidance. Journal of Information Systems Education, 28(2), 101-114.
Rickards, T. (2015). Dilemmas of leadership (3rd ed.). London, UK: Routledge.
Saksena, A. R. (2014). India scrambles on cyber security. The Diplomat. Web.
Schiuma, G., Carlucci, D., & Lerro, A. (2012). Managing knowledge processes for value creation. VINE, 42(1), 4-14.
Trottman-Adewumi, Y., Kelley, D., Smuglin, L., & Markovich, G. (2017). Assessing cybersecurity risks and practices in the broker-dealer industry. Journal of Securities Operations and Custody, 9(4), 302-312.
Vithessonthi, C., & Thoumrungroje, A. (2011). Strategic change and firm performance: The moderating effect of organizational learning. Journal of Asia Business Studies, 5(2), 194-210.