Author: Morey Haber, CTO, BeyondTrust
According to TechTarget, Digital Leadership is, “… the strategic use of a company's digital assets to achieve business goals. Digital leadership can be addressed at both organisational and individual levels.” What fundamentally makes this important is the type of business an organisation performs. For an architectural firm, it might be the electronic production of drawings, or for a hospital, the electronic storage of patient records and even computerised medical equipment. Organisational leaders need to leverage these results to excel in business, provide competitive differentiators, and understand how they can provide tools for business to achieve objectives.
For information technology security professionals, there is a small twist to this definition. And, it is true for every single organisation that uses information technology. After all, that’s pretty much everyone even if you do not have a CISO. Digital Security Leadership is the capability to leverage an organisation’s cyber security defenses for more than just protection. Businesses typically deploy firewalls, antivirus, VPN, vulnerability, patch, privilege, and other solutions to combat cyber threats. The question becomes, how these can be used to achieve business goals?
Ensuring Business Continuity
Any unforeseen interruption in the business can cost thousands or millions of dollars per hour due to the loss of revenue, services, or even because of penalties. Cyber security should not be viewed as financial drain, but rather a tool to ensure business continuity. In the end, it safeguards the workflow, services, and processes your business provides from threat actors that may want to disrupt, compromise, or even leverage your resources for their own financial or malicious gain. An executive that embraces information technology security for enabling business sustainment versus throwing away money because of a threat will understand how the tools can strengthen the business.
Supporting Business Strategy
Information technology security solutions are often purchased to counteract a threat or satisfy a regulatory audit finding. The truth for executives is that these purchases are generally reactive and not strategic. There is typically no long-term plan to ensure sound cyber security hygiene, vendor preference, or even correlation with other departments and their tactical visions and product development.
Digital Security Leadership involves a long term cyber security strategy. A strategy that ensures the foundation of defenses remains solid, maintenance is performed on a regular basis, including updates, the replacement of end of life systems, and most importantly it aligns with the other business initiatives that leverage information technology. This implies security teams be involved from the initial conception of a new idea all the way through its release to validate and harden that the new initiative cannot be leveraged against the business. Therefore, the businesses strategy should include digital security leadership from cradle to grave to support the business and even the new offerings resilience against threats.
Enabling Regulatory Audits
Regulatory audits often dig deep into an organisation looking for improper or unauthorised transactions, inappropriate practices, and errant procedures. When it comes to cyber security, it is often related to fraudulent activity due to insider or external threat actors. Once an event is identified as suspicious, an investigation occurs. Determining the details based on electronic events and homing in on an Indicator of Compromise (IoC) requires a well-defined cyber security practice and a reliable installation for log collection.
This is where Digital Security Leadership comes into play. The data needed to prove, refute, or legally charge a person or entity with a crime comes from the information technology data collected and the integrity of the data. This is where cyber security solutions become more than just a defensive technology. Its data merged with operational logs becomes the foundation for an investigation a key component to detect fraud and support efforts used by auditors. A good security solution enables all levels of the business including auditors and investigators.
Cyber Security Digital Leadership is an executive’s ammunition to create a culture and tools that expand beyond cyber security defenses. It promotes the solutions for other mission critical purposes within the business and allows other teams to understand that they have benefits far beyond just protecting against the latest hack. If teams can embrace cyber security from leadership on down, then the benefits may far extend the occasional inconveniences many employees experience from day to day. It takes a strong leader to change the culture of an organisation and security leadership starts at the top, not just annoying expense.