Why CxOs must embrace modern cybersecurity practices
Cigniti Technologies
To stay ahead in business, digital customer experience transformation has become mandatory. Customers now expect cutting-edge digital experiences across every device.
To fulfill their digital transformation requirements, enterprises are leveraging technologies such as Artificial Intelligence (AI), Machine Learning (ML), and Internet of Things (IoT) and are implementing Design Thinking and Lean approaches.
While digital transformation is imperative, it does not come without risk. As new digital processes produce enormous volumes of data, they also generate a dizzying array of cybersecurity risks.
Consequently, any enterprise embarking on the digital transformation of its customer experience would be wise to make cybersecurity an integral part of its culture.
According to John A. Wheeler, Senior Director Analyst at Gartner Research & Advisory, “By proactively assessing risk appetite and the value of the desired business outcome, Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) can transform digital risk management into a competitive advantage.”
Digital business has created a new ecosystem where partners add new business capabilities and security complexities.
For the business to move forward, CISOs need to strike a balance between what a security program requires and the risks the business is willing to undertake. Opportunities may be missed if this balance is not struck.
According to Gartner, “By 2023, 30% of chief information security officers’ (CISOs’) effectiveness will be directly measured on the role’s ability to create value for the business.”
It is imperative for CxOs to plan for reinventing security. As we move into the new decade, it is the perfect time to assess potential threats, take stock of the current security structures, develop flexible approaches that avoid current limitations, identify business-relevant objectives, and take a fresh look at security management.
CIOs and CISOs need to drive the security investments that directly impact business outcomes and engage executive decision makers to change how cybersecurity is treated in the organization.
According to Paul Proctor, VP Analyst, Gartner, “The stories that we’ve seen during the COVID-19 outbreak are the latest example highlighting the failed approach to cybersecurity that many organizations take. While executives were focused on ensuring compliance and stopping hackers, simple opportunities like enabling secure remote access technologies which have a much larger business impact were ignored. Now, organizations are scrambling to catch up.”
Address failing cybersecurity approaches
An ineffective approach to cybersecurity often leads to bad investments and poor decisions.
A few of the challenges that limit cybersecurity’s impact on business, as put forth by Gartner –
- Societal perception is that cybersecurity is a technical problem, best handled by technical people.
- Organizations ask the wrong questions about cybersecurity.
- Current investments and approaches designed to address limitations are not productive.
- Real failures are not getting enough attention to productively change behavior.
The COVID-19 disconnect is a wake-up call for CIOs, CISOs, and IT executives about the critical need to address cybersecurity as a business decision in a business context.
Create a business context around cybersecurity
Start by identifying your organization’s business context. Every organization has costs and budgets, sources of customers and revenue, and desired outcomes with supporting business processes; each of these components carries key technology dependencies.
Identify how technology maps back to them, and understand the organization’s business outcomes and its most important processes. Then shift towards an outcome-driven approach to cybersecurity, using the business context as the guide.
This approach is a governance process in which investments and priorities are determined by their direct impact on protection levels in a business context. It also helps organizations understand how well they are protected.
Upgrade your risk and security perspective
According to Tom Scholtz, VP Analyst, Gartner, “The objective is to provide an ecosystem that balances the imperative to protect the enterprise with the need to adopt innovative, risky new technology approaches to remain competitive”.
Scholtz further adds that success depends on CISOs’ willingness to adopt a new set of trust and resilience principles:
- Shift to risk-based decision making and away from checkbox compliance
- Begin supporting business outcomes rather than solely protecting infrastructure
- Become a facilitator, not a defender
- Determine how information flows; don’t try to control it
- Become people-centric and accept the limits of technology
- Invest in detection and response, and stop trying to perfectly protect the organization
Embracing the above principles calls for CISOs to deviate from perceived security conventions and best practices.
To protect their organizations at the speed of digital business, Gartner recommends the CARTA approach (Continuous Adaptive Risk and Trust Assessment), which creates a security and risk framework that can be applied in three phases –
- Run – Adaptive threat and access protections.
- Build – Secure agile development, new vendor evaluations, and creation of ecosystem partners.
- Plan – Business-unit-led adaptive security governance and risk management.
Beyond preventing data breaches and protecting against other enterprise cybersecurity threats, a resilient cybersecurity strategy is essential to running the business.
Per Gartner, by 2023, 75% of organizations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from fewer than 15% today.
In the absence of a new strategy for cybersecurity, simply increasing the size of the cybersecurity spend may not be sufficient to cope with the magnitude of the threat at hand.
Cigniti’s Cyber Security Testing experts keep a watchful eye on the technology landscape, helping organizations prevent, detect, and solve the complex security issues that damage brands and hamper productivity. They protect organizations by assessing system vulnerabilities, scanning for digital threats, and defining intelligent, secure solutions that match end-client needs.
Cigniti has a proven record of helping a multi-billion-dollar pharmaceutical company obtain vulnerability assessments of its applications and derive value from the Information Security metrics.
Need help? Consult Cigniti’s team of experienced security testing experts to understand how they can help tackle and prevent any malicious cyberattack against your organization.
Schedule a discussion today.
Cigniti is a Global Leader in Independent Quality Engineering & Software Testing Services with offices in the US, UK, India, Australia, and Canada.