Four key steps to transform cybersecurity into a business enabler
Recent research shows that fewer than 25% of business leaders view security as a proactive enabler of digital transformation. Yet thinking of cybersecurity as a barrier opens businesses up to many risks.
First and foremost, an insecure innovation program can lead to data loss or breaches. CIOs and transformation leaders must align with and involve the cybersecurity function on all innovation matters. This involves a multi-pronged approach:
- Alignment: The CIO must support the changing role of the security function by giving the security team access to broader resources and embedding security into the transformation strategy.
- Communication: Together with the CISO, CIOs must communicate with all C-level and senior staff so that security and the business are aligned and working towards a common business aim. When stating the vision for transformation, CIOs should highlight the important role that security plays, to ensure its importance is clear.
- Engagement: The CIO and CISO should establish feedback loops and a “champions” network across transformation and security domains. Champions are select employees who are responsible for temperature-checking collaboration efforts and keeping leadership informed.
- Innovation: To do the best job it can, the cybersecurity team must also be considered and supported as it embarks on its own department’s digital transformation. This means, for example, aiding the security function in moving to automation and selective outsourcing.
How to think about cybersecurity in the era of COVID-19
Cyber incidents are consistently ranked at the top of business concerns, and it’s easy to see why: According to one estimate, the global cost of cybercrime will rise to $6 trillion a year by the end of 2021.
And this was before the COVID-19 pandemic disrupted businesses worldwide and offered new opportunities for hackers and bad actors.
Since the pandemic began, Marriott has suffered a data breach affecting 5.2 million customers, and a ransomware attack has forced Honda to shut down global operations.
This article collects experts’ top advice for cybersecurity leaders, during the pandemic and beyond.
Four tips for a CIO to maintain cybersecurity during COVID-19
Brown Smith Wallace
At the onset of the pandemic, many organisations were pleasantly surprised at how rapidly their workforce transitioned to working remotely. However, this decentralised work-from-home environment has created increased risks. Here are four best practices for a CIO or other security leader to keep in mind:
- Make sure your workforce still undergoes security awareness training. Email phishing, text phishing and voicemail phishing are popular tactics right now for attackers to gain valuable information, such as the usernames and passwords used to access email accounts.
- Consider implementing multifactor authentication, if it hasn’t been done already. This helps prevent stolen passwords from being used in your environment and adds another layer of security to your network.
- Look into independent security assessments like vulnerability scanning or penetration testing to reveal security vulnerabilities and threats you have in your environment.
- Refresh your incident response plan. If you were to have a security incident, make sure you have the right contact info and a call tree in case some members are not available. Have some sort of out-of-band communication option, too, such as cell phones or an external chat application.
Toshiba’s Cyber Security Report 2020 provides an excellent example of how to communicate cyber security initiatives to customers, shareholders, suppliers, and other stakeholders.