I would say I disagree with this theorem; however, the word unwinnable suggests that there is an end. Cybercriminals will always exploit new vulnerabilities and ways to create a business model that pays off their actions.
The world is changing, and with COVID-19 sometimes even faster than we realize. Because COVID-19 forces us to work from home, processes in organizations and on the shop floor at factories are in need of change. Becoming digital is more and more a theme on the agenda of organizations. As companies extend commitments to remote workforces, cybersecurity teams need to address new risks while helping create business value in the next normal.
The COVID-19 pandemic and the efforts to contain it have had serious economic and business consequences. These are affecting core dimensions of the business environment, from digital strategies to operational and enterprise risk appetite. Supply-chain configuration and business interactions with regulators are likewise being reshaped, as are the ways we think about the very nature of work.
Chief information-security officers (CISOs) and cybersecurity teams will need to approach the next horizon of business with a dual mindset. They must first address the new risks arising from the shift to a remote digital working environment, securing the required technology. They will also need to anticipate the next normal—how their workforce, customers, supply chain, channel partners, and sector peers will work together—so that they may appropriately engage and embed security by design. The new context of changing customer and employee behaviour and a constantly shifting threat landscape must also be considered.
The pandemic response has underscored the vital role that security plays in enabling remote operations, both during and after a crisis. As companies reimagine their processes and redesign architecture amid the COVID-19 response, cybersecurity teams are being perceived anew. They must no longer be seen as a barrier to growth but rather become recognized as strategic partners in technology and business decision making.
Within OrangeNXT, and more broadly at ICT Group, we help customers with digital products for remote management of devices (conNXT) and for optimizing processes to gain in information management (digitalNXT Search), but also with bridging the gap between IT and OT. Cybersecurity is a play mostly driven by IT, whereas the OT side of the organization is forced to deliver output and earn the revenue of the company. You can imagine that COVID-19 drastically influences this gap. Becoming more digital comes with more risks. We think we can close the gap with a dual mindset for the next normal, by:
- Supporting business continuity (OT);
- Protecting the enterprise and its customers (IT).
Throughout the crisis, we saw companies respond with a focus on three activities, addressing risks and fortifying gains as they shifted to new processes and technologies:
- Assessing and knocking down hot spots
  - Working from home. Zero trust. Secure by design.
- Fixing and mopping up operations
  - In the early days, companies were forced to take risks to continue business. Now customers are catching up in the adoption of new technologies.
- Fortifying incremental digital gains
  - Standardizing procedures for remote work environments and exploring technologies to reduce long-term risk.
Creating a culture where everyone takes accountability for defending the enterprise against cybercrime will require that we get everyone engaged, from the board and C-suite executives to business managers and Firstline Workers. During the podcast we dive into a part of this challenge. My key takeaways for you would be:
- Feel—You probably have a list of statistics that could scare the VP of Sales into compliance, but they also might backfire, causing them to shut down. A more effective approach is to dial down the emotional undercurrent of the conversation and start by listening. You may think you know why the sales team has low training compliance, then again, maybe you don’t. The very first step is understanding their side. Don’t move on to solutions until you both are confident that you understand why the team has not prioritized the training.
- Focus—Everyone is trying to do 10 things at once, but continuous partial attention means we can’t focus on what’s important. Once you understand why the sales team has not been scoring high marks on the training, you can engage the business manager (VP of Sales) in a conversation that is laser-focused on their team needs, making it more likely that you both will put your full attention on the issue.
- Slow down—Time limits make us think less strategically. If you need time to gather the data that will support your case, consider calling for a pause, so you can do your due diligence. And make sure you time your conversation with the VP during a quiet time in the quarter. Year end is a hectic time for sales, and the worst time to try and squeeze in a cyber awareness discussion.
- Simplify—Remember that tech speak is not the right language for this audience. Give some thought to how your security training supports the goals of the sales team. Access to reliable customer data like escalations and licenses is critical to a successful mobile data force. Cybersecurity is about ensuring the sales team has confidential access to that data wherever and whenever they need it. The VP will more likely understand your priorities if they understand how they’re aligned to their priorities.
- Spark—Tap into the incredible power of “why” by explaining why your company needs security compliance. Make sure your security pitch and training align to this overall mission. Explain how your security efforts get the company closer to achieving its vision.
As you embark on this effort, keep in mind that how you say it is as important as what you say. You can create a path to success if you understand the motivations and goals of the business, and if you don’t forget one core truth: We’re all human.
You can watch the full podcast here: