More and more devices are being Internet-enabled daily. To securely drive an organization’s digital strategy, CISOs need to better understand the business and new technologies across groups within the enterprise. It is critical to learn how to create value from their data, and to understand the technical capabilities of the whole business, not just those in the IT domain, and how they can be leveraged.
CISOs are in an ideal position to help design the end-to-end innovation process that leads to a more productive and more secure business, and then enable it. Innovation drives efficiencies and offers a competitive advantage; secure technology is one way of capturing both.
In this digital economy, CISOs must be data-driven. From a security perspective, following the data makes it easier to secure the data path and the data destination, and so to move the entire business forward.
Big Data Security
Today, practical applications for Big Data are growing, and the amount of information managed by businesses of every size is reaching astronomical proportions. This has increased, and will continue to increase, the temptation for hackers. Big Data installations often still lack the necessary administration and security protocols. As is frequently the case, security seems to be an afterthought at best. When combined with the advancements in server-side attacks by hackers, Big Data installations become increasingly vulnerable. This could lead to hackers trying to infiltrate this growing platform.
Additionally, these installations deal with a variety of data, so information classification becomes even more critical; information ownership must be addressed to facilitate any reasonable classification. Another challenge is Big Data in the cloud. Storing it in the cloud, which is not inherently secured, does not eliminate an organization’s responsibility to protect it, from both a regulatory and a commercial perspective.
Security Means Business
To strike the right balance, a CISO must effectively communicate using the language of business with the board as well as executives in various parts of the organization and then leverage technologies across the enterprise to execute their plan. Security must be run as a business, enabling innovation and growth. Communication is the key and CISOs must deliver the right message.
Stay away from technical details, and avoid fear, uncertainty and doubt (FUD). Instead, express challenges and solutions in business terms (for example, “if budget is x, that puts us at y risk”), making C-suite colleagues part of the decision. In short, CISOs need to present the challenges in a non-threatening manner while providing the solutions in business terms. CISOs need to grow from subject matter experts to business advisers who help the C-suite improve the business and associated revenue.
Rather than thinking of cybersecurity in terms of a breach, a CISO needs to locate cybersecurity issues within the business decisions that a board makes, such as mergers and acquisitions or new product launches. Security should be a part of these decisions just as legal and finance are.
Communication is the cornerstone of this. CISOs need to be “Security Communications Experts,” improving cybersecurity literacy across the C-suite. We must evolve from individual contributors to “Business Thought Leaders,” from Data Protectors to “Risk Managers,” from Enforcers to “Educators” and, last but not least, from backstops to “Trusted Advisors.”