We are in a difficult time for business amid political headwinds and economic uncertainty. The economy is affected by a combination of continued high inflation and limited GDP growth. Meanwhile, supply chains have been disrupted by international conflicts (including Ukraine, Gaza and the Houthi rebellion) and the ongoing impact of Brexit. As a result, companies are being pulled in different directions by economic pressures and uncertainty, two of the things companies hate the most. Due to these challenges, it is no exaggeration to say that we are experiencing a “cost of business” crisis.
The crisis has caused cybersecurity teams to face pushback from decision-makers regarding new investments. As a result of the instability, spending decisions are delayed and for the first time they are faced with “real'' or actual budget cuts. This requires them to be as agile as possible to remain responsive to the evolving security environment. Because classic market forces: evolving threats, increasing digital transformation, increasing regulatory reform, and continued skills shortages require security teams to: Deliver more with less. Therefore, responding by ignoring the “salami slicing” costs, much less taking no action at all, is not an option.
Therefore, maintaining the right level of security can be an uphill battle finding ways to keep your company protected. Security leaders must find new ways to demonstrate the value of the investment decisions they seek.
UK Product Manager at Orange Cyberdefense.
Security as a topic in enterprise risk management
Organizations that fail to protect sensitive digital assets from today's increasingly sophisticated cyber threats will pay a high price. According to the latest Security Navigator report, there will be a 46% increase in cyberattack victims globally in 2023.
A big contributor to this is that companies tend to think of security simply as a checkbox on a compliance list, rather than approaching it as part of a broader (and consistent) enterprise risk management strategy. This means there is a lack of communication because executives don't fully understand how security brings value to the entire organization.
However, cyber resilience should start in the boardroom, and organizations must align cybersecurity closely with business objectives. To achieve this, strengthen collaboration between CISOs, security, and broader leadership teams to protect internal security needs, protect your most critical assets, and maintain “business as usual” in the face of attack. You need a deeper understanding of how your business can support your business goals.
Therefore, executive boards should regularly raise security as a topic of enterprise risk management and emphasize the importance of partnership and cooperation between the board and security teams. To achieve this, ensure that you understand business leaders' risk management strategies, work to quantify the security risks they face, and understand security from a perspective that helps the board measure this security risk posture against its risk appetite. Present your decision. This allows security professionals to advise on how to most strategically allocate budgets and facilitates open discussion of the unique risk and cost challenges posed by potential cyber incidents.
Always relevant to business strategy
Our research also found that large enterprises accounted for 40% of security incidents in the past year. With more stakeholders, these organizations often struggle to incorporate multiple perspectives internally, which can make business and security alignment more difficult. Security leaders must focus their efforts and investments on the most important risks that are most contextually relevant. Otherwise, they risk “boiling the ocean”, diluting their focus and reducing the impact of their spending power.
If a business does not focus on its security strategy, organizations may miss out on adopting new tools and technologies that could provide a competitive advantage. For example, at our annual summit in November, an informal discussion between partners and customers revealed that only about a quarter of security leaders in attendance had enabled ChatGPT for their staff. I found out that the rest said his ChatGPT was blocked for security reasons. However, companies whose security teams can find ways to securely enable such technology will benefit and gain an advantage over their competitors.
To overcome this problem, security teams must learn how to “do business with the enterprise.” This means we can understand what a wide range of businesses are struggling with and, importantly, be able to explain how we can support them. To achieve this, it is important to “safely design” new tools. Solutions that increase security while maintaining ease of use can help you gain a competitive edge. However, this depends on the ability of security teams to be involved in new projects from the beginning and demonstrate their value to business initiatives.
Unfortunately, this has traditionally resulted in security being introduced last, or as an afterthought, and perceived by other parts of the business as a “blocker” that slows down or dilutes the value of such projects. This is in contrast to the situation. By helping business leaders think creatively about how finance, security, and business strategy align, security teams can help drive the business agenda forward.
Automation can help
However, this level of collaboration with the broader business can be time-consuming for security teams looking to maintain adequate defenses and respond to threats. One way he addresses this is by optimizing security operations and using automation to free up time for more meaningful tasks without letting up on the gas pedal.
While all steps are important, security teams should re-evaluate how they prioritize their time and how they can address their daily routines to free up (or “create”) capacity. is needed. If done correctly, this will improve security metrics, minimize incident response times, reduce exposure to risk, and give you more time to work closely with business leaders to ensure they realize the importance of their role. can do.
After all, security should be part of the solution, not part of the problem, in overcoming the “cost of doing business.” By freeing up resources with the help of automation, security teams can develop a more strategic role in the boardroom, build closer relationships with business leaders, proactively address vulnerabilities, and stay ahead of the competition. You can bring out your superiority.
We have listed the best Zero Trust network access solutions.
This article is produced as part of TechRadarPro's Expert Insights channel, featuring some of the brightest minds in technology today. The views expressed here are those of the author and not necessarily those of his TechRadarPro or Future plc. If you're interested in contributing, find out more here. https://www.techradar.com/news/submit-your-story-to-techradar-pro
