EY partner: Cybersecurity is everyone’s business
Ahowi: Certain mindsets are critical to cybersecurity, especially among people who aren't experts
Nana Ahwoi had been working in risk assurance at EY for more than a decade when she decided to take on an internal rotation as a step toward becoming management. One of the stops on the rotation brought her to EY’s cybersecurity practice.
“I met the leader of our cyber practice at the time, and he said to me, ‘When you're done with your rotation, I want you to come into our cyber practice,” she said. “I said, ‘I don't really hack anything.’ He said,” That's not why I want you to come into the practice. We have people who know how to do that, and I'm confident you’ll learn enough about what's needed to be effective. What I need is the bridge between the technical insights and what it means for businesspeople who are trying to understand this space better.’”
Ahwoi joined the practice, became a partner, and now works as EY Americas Consumer and Health Cyber Industry Group Leader, helping those without cybersecurity experience understand how it impacts them – and vice versa. “The latest data I’ve seen said something like there are almost as many devices in the world as there are humans,” she told students at the Cybersecurity Symposium. “It’s important to recognize there's a role that cyber plays, regardless of the space in which you operate, and that each and every one of us can be impacted by it.”
She said that in today’s business climate, everyone needs to cultivate seven fundamental mindsets: curiosity, accountability, collaboration, ethical judgment, resilience, skepticism and risk awareness.
Ahwoi led students through a series of hypothetical scenarios to illustrate the importance of each mindset.
Curiosity: If something you encounter doesn’t seem quite right, be willing to ask questions. “In our space, the threat actors continue to come up with new ideas, new things. So, continuing to ask why, learning new things, honing your craft is critically important.”
Accountability: If something happens on your watch, you must own it and acknowledge it, or face a loss of trust in you and your company. “People should be made aware when they know something is happening within their environment. Accountability is an absolutely critical mindset in our space, and it applies in every scenario.”
Collaboration: “Cyber is a team sport, and there are multiple teams involved, both from the technical side and non-technical side. So, in cybersecurity situations, it's important to make sure there's exchange of information going around.”
Ethical judgement: Just because you can do something doesn’t mean you should. “Pause and ask yourself questions.”
Resilience: “There’s always a lot of chaos when you're in the middle of an incident or breach, and it's important as a leader that you're able to stay cool, calm, and collected in those moments, because if you freak out, so does everybody else.”
Skepticism: If an offer or a deal feels too good to be true, it probably is too good to be true. Ask questions before leaping into something.
Risk awareness: When dealing with a need to share information, especially without outside partners, only share what absolutely needs to be shared.
“Some of you may not end up being information security practitioners, but you could launch a product, you could shape policy, you could run a campaign, you could be running operations,” Ahwoi said. “One thing that I will guarantee is that cyber will be wherever you go, in whatever that you choose to do. And the question for all of you is, will you be ready?”
