“Complexity is the enemy of security.”
When it comes to cybersecurity, no one gets a hall pass. This is especially true when it comes to the C-Suite. Cybersecurity is viewed as a cost center, especially since many people do not know how to deal with cybersecurity effectively.
Cybersecurity should be seen as a growth enabler or differentiator for the C-Suite, by allowing the type of innovative investments that allow the company to scale into new markets and protect their data at all costs – all while leading their organization through its successes and pitfalls.
It could be a disastrous mistake for executives with non-technical backgrounds to hand sole responsibility for keeping cybersecurity practice in check to the chief security officer, chief information security officer or IT team. C-suite executives of other departments may see trouble ahead, but do they really understand the size of the problem below the surface? In order to see the problem, the C-suite must take steps to ensure that cybersecurity is always on their radar.
What Can We Do?
In his recent Forbes article, Gaurav Banga, Founder and CEO of Balbix, lists questions cybersecurity professionals can ask to get the ball rolling in important meetings with senior executives regarding safety and security within the organization.
- Do we have a real-time inventory of our assets, including mobile devices, unmanaged assets, cloud services and IOTs?
- Are we able to continuously observe all relevant security attributes for our assets?
- Assuming some internet-facing asset is compromised, how quickly will the attack propagate before being detected?
- What is the likelihood and impact of a major breach?
- Can we quantify our cyber-resilience (i.e., ability to limit the impact of attacks in time and space)?
- What proactive steps have we taken to improve cyber-resilience?
- Can we estimate pro forma ROI of our security initiatives, quantifying the expected decrease in breach risk?
By asking these questions, your organization will be able to spend more time measuring and auditing the network to better understand risk and development in the cybersecurity sector of your business. This will create clarity around the actions that need to be taken in order to reduce breach risk.
The Next Steps
Ultimately, the C-suite must lead the charge of the cybersecurity brigade, and the board must also be engaged. Senior leaders driving the business must take ownership of building cyber resilience while educating not only those below their level, but also those at or above it. Securing the network is no longer someone else’s job; it is a team effort. Executives must all work together to do their part to keep digital assets safe, or it could mean inevitable doom for their organization.
Having the C-suite back the implementation of an organizational cybersecurity framework will increase the likelihood of success in implementing a holistic security program. When the entire organization, from executive ranks to the front line, is fully engaged with a security-first mindset, a utility, as well as unity, is well on its way for the future of that business.