Why CxO’s Must Embrace Modern Cybersecurity Practices

To stay ahead in business, digital customer experience transformations have become mandatory. Cutting-edge digital experiences across every device are every customer’s need of the hour.

To fulfill their digital transformation requirements, enterprises are leveraging technologies such as Artificial Intelligence (AI), Machine Learning (ML), and the Internet of Things (IoT). They are implementing Design Thinking and Lean approaches.

While digital transformations are imperative, they do not come without a risk. New digital processes produce humongous data and generate a dizzying array of cybersecurity risks.

Consequently, it will be wise for any enterprise embarking on the digital transformation of their customer experience to have cybersecurity as an integral part of their culture.

According to John A. Wheeler, Senior Director Analyst at Gartner Research & Advisory, “By proactively assessing risk appetite and the value of the desired business outcome, Chief Information Officers’ (CIO’s) and Chief Information Security Officers’ (CISOs) can transform digital risk management into a competitive advantage.”

Digital business has created a new ecosystem where partners add new business capabilities and security complexities.

For the business to move forward, there is a need for CISOs to strike a balance between what is needed in a security program and the risks to undertake. There may be missed opportunities if this balance is not meted out.

Gartner states, “By 2023, 30% of chief information security officers’ (CISO’s) effectiveness will be directly measured on the role’s ability to create value for the business.”

CxOs must strategize the need to reinvent security. While we move to the new decade, it is the perfect time to assess potential threats and take stock of the current security structures.

To develop flexible approaches that avoid current limitations, identify business-relevant objectives, and take a fresh look at security management.

There is a need for CIOs and CISOs to drive security investments that directly impact business outcomes and engage executive decision-makers to change how cybersecurity is treated in the organization.

According to Paul Proctor, VP Analyst, Gartner, “The stories we’ve seen during the COVID-19 outbreak are the latest example highlighting the failed approach to cybersecurity many organizations take. While executives were focused on ensuring compliance and stopping hackers, simple opportunities like enabling secure remote access technologies, which have a much larger business impact, were ignored. Now, organizations are scrambling to catch up.”

Address failing cybersecurity approaches

An ineffective approach to cybersecurity often leads to bad investments and poor decisions.

A few challenges that limit cyber security’s impact on business, as put forth by Gartner –

• Societal perception is that cybersecurity is a technical problem, best handled by technical people.
• Organizations ask the wrong questions about cybersecurity.
• Current investments and approaches designed to address limitations are not productive.
• Real failures are not getting enough attention to change behavior productively.

The COVID-19 disconnect is a wake-up call for CIOs, CISOs, and IT executives about the critical need to address cybersecurity as a business decision in a business context.

Create a business context around cybersecurity

Identify the business context of your organization to create a business context around cybersecurity. While every organization has costs and budgets, sources of customers and revenue, desired outcomes, and supporting business processes, each component comes with critical technology dependencies.

Identify how technology maps back to them and understand the organization’s business outcomes and most essential processes. Shift towards an outcome-driven approach to cybersecurity using the business context as a guide.

This approach is a governance process where investments and priorities are determined based on their direct impact on protection levels in a business context. It also helps the organizations understand how well they are protected.

Upgrade your risk and security perspective

According to Tom Scholtz, VP Analyst, Gartner, “The objective is to provide an ecosystem that balances the imperative to protect the enterprise with the need to adopt innovative, risky new technology approaches to remain competitive.”

Scholtz further adds that success is dependent upon CISO’s willingness to adopt a new set of trust and resilience principles:

• Shift to risk-based decision-making and away from checkbox compliance
• Begin supporting business outcomes rather than solely protecting infrastructure
• Become a facilitator, not a defender
• Determine how information flows; don’t try to control it
• Become people-centric and accept the limits of technology
• Invest in detection and response, and stop trying to protect the organization

Embracing the above principles requires CISOs to deviate from perceived security conventions and best Cybersecurity practices.

To be able to protect their organizations at the speed of digital business, Gartner recommends the CARTA approach – Continuous Adaptive Risk and Trust Assessment, which creates a security and risk framework that can be applied in 3 phases –

• Run – Adaptive threat and access protections.
• Build – Secure agile development, new vendor evaluations, and creation of ecosystem partners.
• Plan – Business-unit-led adaptive security governance and risk management.

While preventing data breaches and protecting against security threats and other enterprise cybersecurity threats, a resilient cybersecurity strategy is essential to running the business.

Per Gartner, by 2023, 75% of organizations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from fewer than 15% today.

Conclusion

In the absence of a new strategy for cybersecurity, simply increasing the size of the cybersecurity spending may not be sufficient to cope with the magnitude of the threat at hand.

Cigniti’s Cyber Security Testing experts have a watchful eye on the technology landscape, helping organizations prevent, detect, and solve the complex security issues that damage brands and hamper productivity. Organizations are protected by assessing system vulnerability, scanning digital threats, and defining intelligent, secure solutions that match end client needs.

Cigniti has a proven record of helping a multi-billion-dollar pharmaceutical company obtain vulnerability assessments of its applications and derive value from the Information Security metrics.

Need help? Consult Cigniti’s team of experienced security testing experts to understand how they can help tackle and prevent any malicious cyberattack against your organization.

Schedule a discussion today.