Looking at
the rapidly evolving role of CISOs and their teams, many organizations have yet
to optimize their approach to cybersecurity to a place where it’s not just a
preventative business function but assumes a wider role in business success, be
that customer acquisition, retention or any number of other critical factors.

It’s an
approach that should begin with CISOs building an understanding of the wider
business and the importance of strong relationships well beyond the security
team. It’s vital that security leaders know how their business operates and
understand where the pain points are for their leadership colleagues.

As far as
the CISO is concerned, it doesn't matter whether they are focused on sector
specialisms such as building a new portal in a wealth management business, creating a new drug where the leaders in that
organization work directly with R&D, or whether it is a retail organization
that is trying to launch a new line where responsibility lies with a creative
team – the list goes on. In every case, CISOs should seek to build those
relationships so that security can play a proactive role in enabling other
leaders, teams and departments to succeed in a way that goes well beyond
protecting digital assets.

Building trust is more important than ever

Let’s take
trust as an example. For many CISOs, building and maintaining trust across
every stakeholder that has an interest in effective security means working with
a broad church, ranging from customers and partners to colleagues. In its
general sense, trust is based on doing right by others, be that customers,
partners or colleagues. On a product level, it’s more about maintaining trust
within platforms and products, and on a personal and individual level, trust
plays a big role in leadership, staff retention and building a positive
culture.

Some
organizations are becoming heavily invested in the concept and delivery of
trust. Because of this, it is becoming a formalized part of the CISO’s role and
their wider team. Creating what some are calling a ‘Trust Office’ as part of an
organizational structure can help businesses build trust within their product
service offerings, maintain it through proof points such as independent
certification assurance and use it as a real selling point to customers.

The
interests and responsibilities of the Trust Office should cover every pillar of
the cybersecurity discipline, from governance and compliance to privacy, risk
management or any other key aspect of the discipline that contributes to
establishing and maintaining trust.

Looking at
technology provider partnerships offers a useful example of the trust process
CISOs need to undertake. It needs a 360 perspective and is much more than
simply asking whether a partner has ‘won’ your trust or not - it also needs
some introspection to help establish a good framework for trust to thrive.

Key questions a CISO needs to ask of their own organization include:

1. What is your own risk appetite? At a strategic level, what levels of risk is your business prepared to take in the months or years ahead when choosing new partners?
2. What are the risks of operating with the partner in the environment that you are evaluating?
3. Does the partner understand your pain points? Do they understand your business priorities and new opportunities that might introduce security risks?

Organizations
that view cybersecurity through this lens of trust have a less fragmented and
more cohesive view of how to engage with their stakeholders, where to focus
time and investment and where priorities should be placed.

Similarly,
it goes without saying that trust is important for customers, but this is a
process that has become increasingly nuanced in the digital transformation era,
with customers becoming highly engaged and intent on understanding much more
about who they do business with. In markets such as cloud service provision
where customers are – to a greater or lesser extent – giving away
responsibilities and control to partners, they need to feel like everyone
involved has ‘skin in the game.’

Trust isn’t
just about being on the end of a support call 24/7, it’s about demonstrating a
commitment to customer success as well as your own. The provision of effective
cybersecurity has become so inextricably linked with maintaining successful
relationships that businesses must widen the reach and impact of the role to
demonstrate genuine customer empathy.

CISOs will
play an increasing role in meeting these diverse needs, and their ability to
establish a foundation that can broaden the value and impact of cybersecurity
will be tested in the years ahead.