It takes a village. From day one, it requires hard work, attention, constant maintenance and nurturing. If you thought the ‘it’ we were referring to was a child, you’re on the right track, but sadly mistaken: we’re talking about a cybersecurity program. To keep up with today’s digital challenges, organizations should treat their cybersecurity programs with the same amount of care and attention that they would give a child.
Like cybersecurity, children require many things: time, energy and a whole lot of money. There’s no better way to beef up your cybersecurity program than investing in it, and today, shifting safely online during the age of COVID-19 means investing in cyber.
With more individuals and organizations feeling the pressures of cybersecurity from home, large enterprises have responded by increasing their cybersecurity spending. Research from McKinsey & Company suggests that spending will vary by industry with healthcare, banking and financial services, technology, media and telecommunications, and public and social sectors increasing their budgets across segments including network security, identity and access management, and messaging security. Leaders must strategically build their cybersecurity programs to ensure funds are allocated to the areas that need them most and to best support and achieve the organization’s goals.
Even in cybersecurity, there’s a sweet spot. The sweet spot in this case is finding the perfect balance between security and privacy, increasing operational efficiencies and improving customer experience and business decisions, all while maintaining cost effectiveness. Sounds easy, right?
To make your life a little easier and encourage you to keep cybersecurity at the forefront, the World Economic Forum issued a guide detailing the top 5 cybersecurity leadership principles to drive a responsible course of action. We describe them below:
- Foster a culture of cyber resilience: It’s no secret that the advantages of digitalization reach far and wide. To take advantage of these opportunities while staying safe and resilient, leaders must ensure that protection and defense strategies are present. This can be achieved by implementing cyber-resilience governance, promoting resilience by design, moving beyond compliance and encouraging employees to develop cyber-resilient behaviors. Programs from the CISO’s office or third-party virtual CISO services (like the ones we offer) are a great place to start, as are employee security awareness and training programs.
- Focus on protecting your critical assets and services: Do you have a holistic view of your cybersecurity program? Cybersecurity is critical to an organization’s operations, and it should be treated as such. Enforcing cyber hygiene through constant monitoring, updating and looking for holes in the system will keep you in check. Prioritizing investments in the areas that need the most support will also help protect critical assets and services. Our specific recommendations depend on where your organization is in its maturity model. Early in the cycle, discovery and inventory of assets is key, while gap analyses and mitigation mappings are more prominent in more mature programs.
- Balance risk-informed decisions during the crisis and beyond: Your business risk postures pre- and post-COVID-19 are completely different. Following the crisis, it’s important to move towards a zero-trust approach to securing your supply chain, define and implement meaningful cyber-resilience metrics (and when we say measure, we mean it!), and focus on risks critical to your own operations. Remember: every organization is different. The supply chain, especially for consumer products, is becoming a critical component of an organization’s security strategy through COVID-19 as more employees are working from home.
- Update and practice your response and business continuity plans as your business transitions to the new normal: Don’t just be the man (or woman) with a plan. Build a cross-functional team equipped with the tools to navigate any situation and communicate with key stakeholders who may be involved. These plans should be continuously tested and updated for implementation before, during and after a crisis occurs. Runbooks and tabletop exercises are key components to ensuring a response plan execution goes smoothly.
- Strengthen ecosystem-wide collaboration: There’s no ‘I’ in team. We’re all working towards the same goal, so why don’t we help each other? Regardless of whether you’re in the public or private sector or a third-party vendor, sharing information on cyber attacks, communicating with different agencies and personnel, actively participating in the fight against criminal activities and taking a systematic approach to risk management will help. Look for industry-specific Information Sharing and Analysis Centers (ISACs) or general public-private partnerships for threat sharing such as InfraGard.