It's Time to Redefine Cybersecurity
Cybersecurity has become a top concern for many organizations, consumers…even entire countries. Today’s adversaries are better financed, their threats more vicious and advanced than ever before, and legacy solutions are proving increasingly ineffective. As a result, cybersecurity teams require more budget to build their security posture. It’s time to nail down the definition of cybersecurity.
Why, you ask? Seems pretty obvious doesn’t it? Yes, to security practitioners, but not to the other departments that need to support your efforts. This includes the executive team, board members, finance, accounting, marketing and the list goes on. Through my conversations with other CSOs, and my own experience, I’ve noticed that individual departments within organizations define cybersecurity differently. It’s imperative that security practitioners get on the same page, clearly define their role and communicate its importance to other teams. This will further ensure our success.
First, let’s explore how cybersecurity is defined. One company leader may say it is an abstract, expensive necessity, while another will insist it’s a cost of doing business. The U.S. government defines it as any process, program, or protocol relating to the use of the Internet or an intranet. This includes automatic data processing or transmission, or telecommunication via the Internet or an intranet. In addition, any matter relating to, or involving the use of, computers or computer networks. This definition hasn’t been widely adopted throughout the industry, but is used in a variety of publications and riddled with scoping challenges.
We don’t block business, we enable it
I challenge my fellow CSOs to demonstrate cybersecurity is a business enabler. Convince your leaders that cybersecurity is a risk mitigation practice that will lower unplanned costs and thwart damage to the brand. Take advantage of the fact that cybersecurity has become an all-encompassing buzzword that’s in the news every day—and that has the attention of your executives. Demonstrate that cybersecurity goes beyond blocking websites and extends to the practice of protecting your confidential data. This includes understanding who is accessing corporate information and where they are trying to send it.
By redefining cybersecurity, you can move security into the business enabler category. Strong cybersecurity enables the business to adopt new technology that allows it to stay competitive and keep its workforce productive. This will pay larger dividends when trying to convince your executives that you need more funding. Demonstrate that you can protect against threats both known and unknown and optimize security solution investments by doing the following:
- Ensure you have visibility into your networks, data use and systems. Know what’s going on in your environment before the bad guys do.
- Show your executive team how attackers are trying to access your system and what information they are going after.
- Use this insight to communicate risks to individual groups and encourage best security practices
- Provide protection for the systems and data both on premise and off-premise.
- Move toward identity and access intelligence by continuously monitoring identities, access rights, policies and user activities to quickly remediate vulnerabilities.
- Remember cybersecurity is not just for the C-suite. Everyone needs to be part of the solution.