A successful cybersecurity strategy aligns technology, people and processes.
A Digital Transformation requires a Cybersecurity Strategy
Digital Transformations mean more connected environments and more vulnerabilities. Systems will be more open than ever before to clients, partners, suppliers, consumers, and employees. A consumer-facing web presence means more connections to backend systems and more opportunities for attackers to exploit weak links, resulting in access to company systems and data.
A Digital Transformation alone is a huge undertaking; staying ahead of competitive threats demands changing business models and processes. Adding to the list is the absolute requirement to ensure that addressing security threats is central to the conversation. A recent Forbes study stated that 69% of senior executives are rethinking their cybersecurity strategy because of Digital Transformation.
Relying on technology alone to deliver security monitoring is an inadequate solution for combating cyberattacks. A successful strategy incorporates technology, people and processes and requires tight alignment between the traditional IT professionals and cybersecurity experts. Unfortunately, seamless digital process flows increase the opportunity for cyberattacks to infiltrate the entire organization.
As recently reported in Harvard Business Review, executives’ mental models are often to blame for weak cybersecurity defenses. The problem is that executives approach cybersecurity as a finite problem to be treated rather than as the ongoing process that it really is. All too often executives focus on risk mitigation rather than the more important aspect of risk management.
Because no system or infrastructure will be “absolutely impenetrable,” a better way of assessing and evaluating success is to measure vulnerabilities that are found and fixed. When the focus is shifted to finding the cracks in the system, leaders will shift focus from building the right system to building the right process.
Can your Brand survive a Cyber attack?
Recently there have been a slew of articles indicating executives are feeling slightly better about their cyber threat preparations and are expecting 2018 to be a bit less risky than the past several years. Then there was Russia, and the stunning amount of infiltration using social media. Those attacks were focused on our elections but could easily target corporations, inflicting sustained long-term damage to their brand.
According to Protiviti and North Carolina State University’s ERM Initiative’s report: Executive Perspectives on Top Risks for 2018, the rapid changes in disruptive technologies and cyber threats are focusing Senior Management teams and Boards on identifying and managing risk over the next 12 months.
Times are changing. Culture and resistance to change cannot stand in the way of the ability to rapidly adjust to new opportunities and new types of threats.
2017 saw historic levels of security breaches, with the Equifax data breach alone exposing personal data for 145+ million people. The breach and its impact on the brand were discussed in every boardroom. Is our infrastructure secure? Do we have enough focus on cyber threats? Could that happen to us?
Unfortunately, the answer is never definitive, since the threats in a cyber world are more and more sophisticated, with new vulnerabilities popping up all the time, many of which are employee-related and hard to defend against.
I recently heard a CEO say that he would take a natural disaster any day over a cyber-attack. His reasoning was that cyber-attacks represent the “unknown.” He has sophisticated preparations with backup plans, offsite duplicate systems, and personnel plans to deal with most emergencies. It is very different to try to plan against something that is constantly attacking and morphing at the same time.
Now is the time to address the issue of cybersecurity. PwC estimates that by 2020, businesses will spend $7.5 billion for cybersecurity insurance. While insurance is critical for any organization, you can’t insure the integrity of your brand or the safety of your customers’ data.
In a cyber world data is king
In this rapidly evolving, digitally driven economy, as enterprises accelerate their efforts to transform their businesses, fundamental changes are being forced on their infrastructure and cybersecurity processes.
Corporate executives are increasingly aware of the impact of cyber threats to their financial, employee, and customer data along with their intellectual property and overall company reputation. They recognize that the security plans in place to protect their traditional business are no longer adequate in a digital domain.
Digital business initiatives requiring new technologies are challenging enterprise cybersecurity teams and increasing the demand for capital investment in enterprise-wide security protocols. Operations teams are identifying new vulnerabilities for security breaches, increasing the priority for security patches and updates, increasing the involvement of business leaders in security discussions, and accelerating training and awareness programs on all aspects of the business as part of an overall cybersecurity action plan.
Executive leadership teams and Boards must embrace the need for a strong cybersecurity strategy and agree to the ongoing funding requirements. The strategy is imperative but has to be backed by a solid business model and operating plan in which security is embedded in the culture from the top down. The old adage, “pay me now or pay me later”, is a great way to think about investing in a secure enterprise versus repairing a damaged reputation in the market or worse.
According to Gartner, 99% of vulnerabilities exploited through 2020 will continue to be ones known by security and IT professionals for at least one year. This prediction is one of the top 10 emerging risks in cybersecurity. Risk can be mitigated by incorporating a cybersecurity strategy and execution plan into the business planning at the beginning, ensuring that the entire enterprise is part of the solution.
Three areas of focus to mitigate risks are:
1. Have security professionals and business leaders work together to balance risks versus business requirements and create processes that allow for agility to respond to threats.
2. Prioritize the upgrading of skills and technology throughout the supply chain with a focus on detection and rapid response versus incident reporting.
3. Establish a governance model and business rhythm for ongoing security discussions that ensure cybersecurity is a consideration in all business decisions.
Don’t be fooled into thinking that cybersecurity is less important than great customer service, awesome products, and a strong executive team. In a cyber world data is king and therefore holds great value.