A CISO’s Six Steps to Securing an Excellent Customer Experience [Part 1]

Posted by ConvergeOne on Apr 23, 2020 10:00:00 AM

How can you effectively safeguard the information your customers entrust to your company, as well as protect proprietary material and data? Begin your journey to a more secure customer experience by following these six steps.


In 1994, following a series of dramatic cyber-attacks from infamous Russian hacker Vladimir Levin, Citigroup created the world’s first formal cybersecurity executive office position by naming Steve Katz its CISO. Katz had organized and managed the information security program at JP Morgan and was well known in the industry as a pioneer in the cybersecurity field.

In the ensuing twenty-five years, the role of CISO has evolved significantly. CISOs should be, and often are, executives who translate technical terms into business terms and vice versa. They understand business, security and privacy equally well, thinking in terms of risk and monetary impact (value at risk and cost of control). They are extremely well versed in corporate and technology strategy, and they believe in clear metrics and set priorities based upon them.

At larger companies, CISOs typically oversee a team of security professionals who work for the company. Smaller firms more often outsource security oversight by hiring a virtual or fractional Chief Information Security Officer, getting the same capabilities as a full-time, experienced CISO but for substantially less cost.

Top CISOs bring or develop a model for risk and an applied formula that answers the question, “Are we doing the right things, enough of the right things and in the right prioritization order?”

If you want to get serious about cybersecurity, it’s time to include the CISO as a trusted member of your executive leadership team.


Between the SEC’s requirement that publicly traded companies disclose material information about security events, and the increasingly frequent news headlines about data breaches, senior executives and corporate boards are more involved than ever in how organizations manage and implement their security programs. After all, just one serious cybersecurity incident could derail the growth and profitability of an entire company—and potentially cost them their jobs. “My leadership team is completely behind me,” said Buechler. “They take security seriously and that is the single most important thing.”

If your senior leaders aren’t engaged, it’s time to bring them into the fold. Buechler suggested avoiding scare tactics: “Discussing corporate security can cause alarm because many believe the best way to sell it is to create fear and uncertainty. I don’t like that approach. What we should be doing is providing our executives with information clearly and calmly so that they understand what is being done and why it is important, but not in scary terms.”


Over the last two decades, CISOs have shifted their focus from the implementation and management of cybersecurity control technology to a consultative, business-process-aware risk management approach. CISOs and the organizations they support must borrow from their brethren in auditing roles, in that information must be translated and executed via a program that manages risk at the digital asset level, but focused on cyber-resiliency and how to increase it. The majority of what comprises good security posture is foundational in nature, but like the Pareto Principle, the 20% that is differentiated between you and your competitors often makes the difference between being victimized and being able to detect, then ward off attacks.

Check back for the next installment in this blog series, where we’ll share the final three steps to securing an excellent customer experience.

Are you providing a seamless and secure customer experience?


Your customers expect their data to remain secure. A breach could significantly impact their privacy, not to mention their trust in your organization. Download this ConvergeOne white paper to learn how to make the shift toward a more cyber-aware and secure culture while maintaining the high level of service your customers demand.

