Booz Allen Hamilton

The Cybersecurity Dilemma: Incentives to Drive Change Rather than Reactive Response

 

 

Establishing a Solid Cyber Environment

Posted by Pam Fusco on 10-27-11

Pam Fusco

Principal with expertise in information security and risk management; recently inducted into the Information Systems Security Association Hall of Fame.

Cybersecurity is an environment of give and take. New technologies are constantly emerging in the market with promises to improve efficiency and increase your business potential. On the other hand, cyber threats continuously evolve to increase the risks incurred by adopting new and current technologies into the mainstream of your business culture. Successfully establishing a solid cyber environment hinges on our ability to leverage new technologies and better conduct our business while simultaneously mitigating the risks threatening to compromise our mission.

Understand the Risks

The best way to stay on top of emerging threats and technologies is to stay involved and leverage the information available. It’s important to take advantage of blogs, security bulletins, case studies, and third-party sources with experience across multiple markets – all of which freely provide security-related information – to develop a general understanding of what is going on in the cyber realm. When sharing this knowledge across the organization, it’s important to make it meaningful on a personal level, not just from a corporate perspective.

It’s also helpful to recognize the risks your organization currently takes when evaluating the potential risks involved in adopting new technologies. In many cases, you may already be operating in a risky environment without knowing it.

Understand the Business Impact

Looking at the current environment, mobile applications continue to be a pervasive technology, with a quick and high adoption rate. Unfortunately, they’re also a rather risky investment, known to be riddled with security holes. Before adopting new technology, such as mobile applications, it’s important to consider what business needs the technology will meet and how it can work in your corporate environment.

Ask employees to be involved in the decision-making process. When they suggest new technologies, encourage them to explain how each one will benefit your organization and how it can be secured. In other words, don’t just adopt something for the sake of adopting it; make a business case for any new technology. Then, you can evaluate common processes and procedures and, in some cases, core applications, to use throughout the organization and reduce the risks involved.

Be Strategic, Not Reactive

In reality, a lot of security is tactical, but by working with business stakeholders, we can begin to be more strategic. This comes by understanding the risks and business impact of new technology as well as creating a culture that recognizes and communicates security needs. Many organizations don’t view security as a business driver. However, with increased awareness, better communication, and a more strategic approach, security can not only drive business but improve employee satisfaction as well, by allowing employees to leverage emerging technologies securely.

 
