Jeff Dawley – President and Founder of Cybersecurity Compliance Corp.
In 2017, I found myself once again in the position of Chief Financial Officer taking on an IT department and looking for information on how to assess the department’s performance, but more urgently in today’s environment, our cybersecurity status.
After several months of research and seminars, it became clear to me that the market was inadvertently conspiring to prevent small businesses from having the ability to engage affordable, stage-appropriate cybersecurity help that would actually provide a full picture of our cybersecurity exposure.
Subsequent conversations with business executives, board members, and industry professionals confirmed that there are two particular barriers that make it difficult for small businesses to find a starting point when dealing with their own cybersecurity needs.
First and foremost, there is a growing shortage of qualified resources in the cybersecurity space. According to (ISC)², the shortage of professionals around the globe is just under 3 million, with roughly 500,000 of those positions located in North America [1].
The laws of supply and demand tell us that a shortage of this nature and magnitude is going to lead to higher, not lower costs, and consulting engagements around cybersecurity are already priced beyond the reach of many small-to-medium-sized businesses.
The other barrier faced by founders and small business owners is confusion in the marketplace. I guarantee you have seen some inflammatory article or headline on a nearly hourly basis vilifying the management at some poor organization that has been the most recent victim of a successful cyberattack and data breach. Combine that with more than a dozen accepted frameworks, a similar number of cybersecurity micro-credentials, and thousands of technology companies on soapboxes shouting about how their particular software is able to protect you from the very scary bad guys who are out to get you. That’s a lot of noise. The combination of expensive consultants and a noisy marketplace has unfortunately paralyzed many small businesses today when it comes to cybersecurity. According to the Ponemon Institute, almost half (47%) of the companies surveyed have no understanding of how to protect themselves against a cyberattack [2].
Breaking through these barriers means finding a place to start that everyone can understand. All companies should conduct an assessment of their cybersecurity environment against a globally recognized framework, regardless of size. Some of the leading frameworks include NIST CSF, COBIT, ISO 27000, PCI DSS, and HITRUST. This list is not comprehensive, but you get the idea. Implementing a framework-based approach to cybersecurity doesn’t mean investing tens of thousands of dollars in consulting engagements. There are assessment solutions available that provide businesses with the ability to self-assess, providing a starting point for remediation and an immediate lift to the security of the organization. Whether you are taking your first cybersecurity step or re-evaluating your environment, make sure you take aim at the entire target, your full cybersecurity environment, before spending money on something that might not be the right first step for you.
1. Cybersecurity Workforce Study, (ISC)², 2018
2. 2018 State of Cybersecurity in Small & Medium Size Businesses, Ponemon Institute, November 2018
In 2018, Jeff co-founded Cybersecurity Compliance Corp. to address a communication gap in the cybersecurity space. The Cybersecurity Pulse™ solution was created to provide board members and non-IT executives with a complete view of their cybersecurity environment while equipping IT professionals with a framework-based assessment and roadmap for future improvements. Jeff’s career has seen him operate as a CFO, CTO, and CIO spanning across many different industries. Jeff holds a Chartered Professional Accountant designation in Canada, Certified Public Accountant and Certified Information Technology Professional designations in the US, and a Chartered Global Management Accountant designation, recognized in the UK and US.