Virtually all top business executives (96%) fully recognize what cyberthreats pose to their organizations’ financial, reputational and operational health, according to Accenture research published in 2023. Yet, very few of those who responded to the global survey of CEOs in 19 industries have confidence that their cybersecurity strategies can secure their digital assets, largely because those strategies are designed to react to attacks rather than anticipate them.
The study concludes that organizations usually don’t incorporate cybersecurity into business strategies, services or products from the outset. More than four in 10 believe cybersecurity requires episodic intervention rather than ongoing attention.
While cyberattacks on large corporations garner big headlines, small- and medium-sized businesses (SMBs) are much more likely to be targeted. Less than 20% of SMB leaders have effective cybersecurity measures. Accordingly, more than all cybercrime pinpointed entrepreneurial organizations.
Companies of all sizes, therefore, are breaking cybersecurity out of traditional technology silos, which is creating a high demand for business professionals with cybersecurity backgrounds who can lead operational and data security policy development and deployment. Graduates of the East Tennessee State University (ETSU) online Master of Business Administration (MBA) with a Concentration in Cybersecurity Management program are equipped to meet this demand with foundational skills.
Why Is Cyber Threat Intelligence Critical at the Department Level?
Entrepreneur reinforces the Accenture data regarding the value of ongoing information risk management training. In an age of increasingly sophisticated attacks, people in non-technical business units must be aware of vulnerabilities in the services and products they provide and use.
That is why companies now place a premium on cyber-savvy business leaders with digital security skills. Managers in non-technical roles collaborate with IT and security policymakers to ensure departmental compliance with network and information security measures, provide their teams with ongoing cyber risk governance training and conduct audits and assessments.
“Almost 90% of the data breaches are caused by human errors,” notes Entrepreneur, adding that hackers usually attack by tricking users into creating an attack point. “People can, therefore, be considered as the weakest link in any organization’s cybersecurity defenses.” On the other hand, properly trained employees act as “human firewalls,” Entrepreneur says.
What Are the Elements of Effective Cyber Threat Protection?
First, World Wide Technology advises companies to start by assuming a breach will occur and expanding on the National Institute of Standards and Technology (NIST) roadmap. The NIST recommends adopting cybersecurity policies on a framework that, among other functions, includes:
- Preventing breaches by controlling access to data and networks; conducting ongoing cybersecurity training at all organizational levels; and managing, testing and upgrading protection technology
- Responding to incidents by establishing processes to contain them, analyzing the vulnerabilities that enabled the attack and using findings from the post-attack analysis to revise security strategies
- Recovering from breaches by establishing measures that coordinate internal and external policies that enable organizations to resume data, network and operational services
While this framework can protect company information, it is not a complete solution. “Many organizations mistakenly lean on the NIST cybersecurity framework of identify, protect, detect, respond and recover to implement their cyber-resilient programs. But the NIST framework is predicated on preventing breaches, not getting ahead of them,” World Wide Technology warns.
Why Do Companies Need Proactive Cybersecurity Strategy Action Plans?
Cybercriminals are adopting advanced technologies. For instance, generative artificial intelligence enables them to launch brute-force attacks on perimeter defenses until they find or create a hole. They then exploit that vulnerability to insert an advanced persistent threat (APT) inside the firewalls, which can go unnoticed while stealing and corrupting data for months.
TechTarget gives examples of proactive cybersecurity strategy action plans built on the expanded NIST model. Various groups have deployed these action plans, including The Federal Reserve Bank of Boston (Boston Fed). The Boston Fed protects sensitive data by closely segmenting by type, governing how it is stored and using two-factor authentication to safeguard from unauthorized access from inside and outside the agency.
“By taking a more proactive, forward-thinking approach from the start, companies can address and mitigate future disruptions and cyberthreats,” according to Threat Intelligence.
How Do Business Professionals Acquire Cyberthreat Protection Expertise?
An MBA degree program that focuses on fundamental business skills and cybersecurity skills can help professionals aid companies in preventing cyberattacks before they occur. ETSU’s online MBA with a Concentration in Cybersecurity Management program, for instance, prepares graduates for high-demand senior management roles in digital protection policy and implementation as well as non-technical careers that require insights into detection, response and recovery strategies.
The ETSU program complements core MBA foundations — including those in marketing strategy, economics and data analysis — with an accredited cybersecurity management curriculum that features the following courses:
- Network and Information Security
- Cyber Risk Governance
- Information and Risk Management
These courses allow students to develop this in-demand cybersecurity prevention and reaction knowledge. With foundational business and cybersecurity skills, graduates can implement a cybersecurity action plan at nearly any organization.
Learn more about East Tennessee State University’s online MBA with a Concentration in Cybersecurity Management program.