The security challenges governments face continue to evolve. And while the stakes are higher than ever before, the responsibilities of public- and private-sector chief information security officers remain the same.
Back in 2012, I wrote an article for CSO magazine titled “CISO 2020: Will You Be Ready?”
The charge to global security leaders at that time was to move beyond a focus on daily breach headlines, scary cyberstories or other fear, uncertainty and doubt in the security industry and toward building trusted relationships with business executives with a foundation of personal and professional integrity.
Fast-forward seven years to the edge of a new decade, and a colleague recently challenged me with this question: Has anything really changed?
But before I answer, I want you to think about your organization’s security efforts. What has worked well over the past few years? What mistakes were made? How has your team recovered?
Virtually everything is on the table as we enter a new decade that will be defined by global innovation and technology breakthroughs. Companies and governments worldwide are jockeying for position to define the new technology landscape.
Hold on to your safety belts, because the number of technology and security initiatives will also soar as we head into 2020. What’s different now is that cybersecurity will be at the center of executive discussions. Headline news stories over the past decade, from Facebook privacy blunders to the federal Office of Personnel Management data breach, have (belatedly) taught most CxOs that cybersecurity can’t just be bolted on at the end of production processes.
Business leaders now recognize that earlier involvement of cyberexperts can help avoid a major data breach, which could derail innovative plans, cripple production operations, or worse, cause a total loss of trust in the brand or government organization. In order to build security into a new product or service, you need to know what the potential problems will be.
1. Do your homework. Research needs to be done internally regarding future business plans and externally with new technology and specific innovation alternatives available. Focus on secure alternative solutions. CISOs and other security leaders must engage now as businesses redefine themselves (again). Get involved as digital transformations in government accelerate to a level never seen before.
Tip: Stop focusing exclusively on daily cyberthreats or other security actions and block off time to work with key business partners on their plans. Study prediction reports and leading case studies to offer meaningful input into strategies.
2. Align business, IT and cyberpriorities. Andrew Haggard, a former PriceWaterhouseCoopers executive, said, “The biggest business and IT collaboration challenge faced by our clients is a lack of a clear alignment across business stakeholders and between business and IT teams of what capabilities are a true enterprise priority.”
Tip: The goal for security leaders is to be the trusted business partner who offers clear risk-based alternatives. Be known as an enabler of innovation with the right level of security deployed.
3. Lead the charge. Cybersecurity can no longer be added at the end of project development life cycles. Security teams must be in the room regarding all strategic initiatives for the 2020s.
Tip: Look for cross-discipline opportunities. From smart cities to transportation projects to new data collected via Internet of Things devices, cyberexperts must be involved at every stage of the development and production processes. For example, rigorous testing, which includes global bug bounties, has become the new normal with next-generation vehicles.
So does my article from 2012 still apply? With a few tweaks, yes. Although many things have changed in cybersecurity over the past seven years — including the higher stakes, the level of global attention and the global cyberpriority — the need to focus on trust, relationships and, most importantly, integrity remains.