Booz Allen Hamilton

The Cybersecurity Dilemma: Incentives to Drive Change Rather than Reactive Response

Keys to a Proactive Cybersecurity Program

Posted by Pam Fusco on 10-24-11

Pam Fusco

Principal with expertise in information security and risk management; recently inducted into the Information Systems Security Association Hall of Fame.

There are many ways to get people on board to develop and maintain a proactive cybersecurity program, but ultimately implementing a holistic approach across the firm comes down to knowledge, involvement, and recognition. Stakeholders and business leaders must understand the emerging cyber threats, cybersecurity issues, and risks of daily operations. Firms should be collaborating with industry partners to best achieve enduring solutions. Finally, leadership must acknowledge progress and success while reminding staff of their daily involvement in cybersecurity.

Understanding Cybersecurity Challenges

Right now, there are pockets of cybersecurity initiatives in major corporations separated by functional silos. In some instances, there’s not a cohesive strategy that encompasses all the corporate efforts, causing a discontinuity in their cyber approach. It’s important to ensure the entire corporation understands the risks incurred on a daily basis and how risks taken in one segment of operations affect the corporation as a whole. It helps to use real-world examples, not to paint a picture of “the sky is falling,” but to really drive home the importance of understanding the full potential of cyber threats and risks should they materialize into incidents. For example, if a medical institution understands its mobile applications can be penetrated and used to administer inappropriate levels of insulin, it will take security more seriously.

Internally, firms can hold regular “summits,” or briefings, involving stakeholders and leaders to communicate a common understanding of what cybersecurity activities are taking place across the firm. These business leaders can then work together and implement integrated cybersecurity initiatives to meet firm-wide business needs rather than focusing solely on individual needs. Regular briefings on how to implement a holistic framework across the areas of people, policy, operations, technology, and management will promote internal collaboration when approaching cybersecurity challenges.

Collaborating with Alliances

With a better understanding of cybersecurity challenges and strategies, getting involved with organizations and alliances across industry that promote and participate in collaborative cyber efforts is an effective way to improve your own strategy. Booz Allen belongs to several industry-driven alliances encompassing all markets and capabilities. Involvement with these alliances, like the Cloud Security Alliance, provides perspective on what competitors are doing, the emergent trends in the market, and what threats or opportunities could be coming down the pipeline. Leveraging past experiences and lessons learned also improves an organization’s ability to identify and curtail threats both tactically and strategically.

Acknowledgement and Recognition

Often, when things are running smoothly, organizations lose sight of the security concerns that face our firm on a daily basis. Moreover, we can forget our personal responsibilities to help maintain cybersecurity. Whether you maintain an internal blog or operate another communication device, it’s important to highlight risks and successes to ensure these concerns remain a focus for everyone.

 
