SSH Communications Security What Executives Need to Know About Cybersecurity
von: Tatu Ylonen – SSH Communications Security
Ideally, cybersecurity is neither seen nor heard, plugging along quietly without disrupting the flow of business. It’s easy to view data security efforts as expensive outlays that slow down business and frustrate employees, users and customers alike. Instead of a cost center, as it is often viewed today, cybersecurity should be seen as a growth enabler or differentiator by enabling innovative investments that allow the company to scale into new markets.
C-level executives need to be aware of how their organizations’ security measures affect the flow of business. It is a potentially disastrous mistake for executives with non-technical backgrounds to simply assign responsibility for cybersecurity to the chief security officer, chief information security officer or IT team. C-suite executives might see the iceberg ahead, but do they really understand the size of the problem below the surface?
The Executive Role in Cybersecurity
Security matters must have the full backing and involvement of executives in order to be successful. If the top executives are not visible members of the security effort, it can give the impression that cybersecurity is not a number one priority; employees can do it tomorrow or whenever they have time. When the board or CEO starts asking the management team about what measures the company has in place to avoid becoming a headline, then there’s a much bigger chance of real change taking place.
This is no time for executives to turn a blind eye to matters that were previously not their responsibility. The boardroom is placing the responsibility for cybersecurity squarely on the C-suite’s shoulders. As we have seen in recent headlines, a particularly bad public data breach can ruin a CEO’s career. As enterprises and government agencies are required to follow NIST and other cybersecurity guidelines, more than just the CEO will be targeted for replacement.
To operate at the highest level in their roles, C-level executives must be intellectually curious – and particularly, these days, about the company’s cybersecurity efforts. The following best practices are a good place to start:
- Ask, listen and assess: Ask the cybersecurity team questions that help you understand the current situation. What are they working on? What is their security posture, and what solutions are currently in place? What is the critical business decision-making process used to determine what infrastructure MUST be secured? Where are the weak spots? How can the team see, control and maintain a more secure environment? Attend conferences and seminars to learn about what steps your peers are taking to protect their own companies. Make sure that you have knowledge of your current systems and the opportunities to improve – and as quickly as possible. Don’t wait for the next quarter or next year’s budget, because it might be too late.
- Make cybersecurity commonplace: Make everyone in your organization aware of the risks and how they can keep the company safe. Build security hygiene and compliance into compensation and reward packages (if they aren’t already). The goal is for everyone to understand the importance of cybersecurity to the company and your customers, and to underscore the importance of cybersecurity as a personal responsibility.
- Find the cybersecurity workarounds: Are employees bypassing security measures in order to access business applications more easily? Have they created a shadow IT environment of unauthorized systems and solutions for their convenience? When used properly, cybersecurity can be an enabler of new business, protecting data in the cloud and allowing the company to take advantage of the cloud’s cost-saving agility and flexibility, for example. Finding ways to minimize the risk of human error, such as automating as many security processes as possible, can also help increase business efficiency.
- Bring in new ideas and people: Because cyber threats are always evolving, they require a totally new way of thinking. Companies need to adopt practices that don’t affect their workflow and don’t disrupt the actual business in any way. Look to what universities, incubators and startups are producing, as they are the best sources for cybersecurity solutions and talent, and hire the expertise you need from that pool. Make sure your team is evolving with the threats.
The Advantage of Trust
Getting up to speed on cybersecurity is not easy, but it is necessary – and rewarding. There are measurable business benefits for greater involvement in cybersecurity. If your network gets infected and your servers go down, that downtime will have a disastrous effect on your company’s bottom line, not to mention the sustained operational costs and damage to reputation.
As the threat landscape expands and evolves, it is critical that partners and customers trust your company. By leading from the top down, the C-suite can help ensure that the organization is protected appropriately while maintaining performance and ensuring that security measures do not disrupt operations in any way. Once the C-suite has established a security game plan for the organization and is confident that the team is performing on the right level, you can trust in your critical information flow and sleep better at night.
Take it from the Top
Customers, partners and shareholders have not forgotten the personal and financial impact wrought by the huge data breaches of the last few years. C-level executives are in a position to do their part to ensure the enterprise’s cybersecurity, no matter their official title or primary job duties. By educating themselves, conferring with internal experts and getting their hands dirty, the C-suite will not only be doing their due diligence to keep their jobs safe but will encourage the entire enterprise to make data safety a top priority.