Cybersecurity Lessons Learned from Working in Diplomacy and International Trade

Effective communication and collaboration are business-critical capabilities across any successful organization. Leadership teams worldwide also understand the need for clarity of purpose, the value of focused strategic thinking and the transformational impact of solid partnerships. Indeed, in most situations, businesses must display some or all of these ‘diplomatic’ characteristics to navigate daily challenges and achieve their goals.

Before entering the technology industry, I worked for several years for the UK government, including five years as the British Consul General to New York and Director General for UK Trade and Investment across North America. Today, various scenarios, opportunities and challenges encountered during those years resonate with the way organizations approach IT in general and cybersecurity in particular.

There are some interesting parallels between these two worlds, and organizations can make significant improvements to their overall cybersecurity effectiveness by focusing on some key capabilities that are central to successful diplomacy:

Communication and Collaboration

Implementing an effective cybersecurity strategy is a team effort, and as such, requires a firm commitment to communication and collaboration. In many organizations, however, there is a serious disconnect between leadership and other vital stakeholders. For example, some leaders pigeonhole cybersecurity as an IT problem, and as a result, keep essential issues at arm’s length.

Elsewhere, some leaders don’t always want to prioritize cybersecurity investment because, unlike other areas of capital or operational spend, it doesn’t necessarily show a tangible ROI – unless there is a major incident that requires the attention of the CEO. In these situations, a lack of collaboration can leave organizations with dangerous security blind spots and vulnerabilities.

Many organizations out there would also benefit from giving cybersecurity a seat at the top leadership table. Granted, in some teams, this is already the case. However, in many more, the experience and expertise of the senior cybersecurity professionals and their colleagues are still too far removed from broader business decision-making. Improving communication between technical and business leaders is becoming increasingly vital if organizations are to protect themselves from daily cybersecurity risks and capitalize on the opportunities the digital economy has to offer.

Engaging With Vital Issues

Organizational leaders everywhere set the tone for how their teams engage with a vast range of issues, from the relatively mundane to the business-critical. Their willingness to learn about the challenges and potential solutions across critical areas such as cybersecurity will filter down into their overall culture.

Take cybersecurity training, for example. Many organizations out there take a ‘box ticking’ approach to training their employees in how to identify and mitigate common cybersecurity risks. They ask the team to attend training sessions and then assume it’s ‘job done.’

What this approach betrays, however, is a lack of engagement with the issues around cybersecurity training and where the emphasis should lie. For instance, why do organizations still choose to put their employees in the front line of their security strategy? What’s more, why do they believe that putting people back in the classroom for a day is a useful preventative strategy?

Instead, employers should be creating a culture where people help identify security challenges. Alongside training and investment in the right technologies, this mindset helps place organizations in a much stronger position to prevent and mitigate security risks and vulnerabilities. Ultimately, leaders who engage with these issues will almost always make better decisions than those who don’t.

Meeting Challenges Head-on

When addressing cybersecurity challenges, corporate procrastination is a major and recurring problem, and much of this stems from the issue of perceived risk. A leader or leadership team may understand that ransomware attacks are on the increase, for example, but they can’t translate that into the risks it presents to their own networks. The result is that investment decisions – some of which are vital – are set aside in favor of what are perceived as more critical non-cybersecurity priorities.

Ideally, cybersecurity challenges will be addressed head-on. For many organizations, this will require that they modernize their approach and be prepared to implement change. This is not just about investing in technology; it is also about identifying the risk factors associated with significant problems such as ransomware, those created by the shift to remote working, or the attacks hidden within the files shared in their billions around the world every day.

While effective cybersecurity is always built around solid technology solutions, organizations that also address these issues are better equipped to remain safe than those that don’t. Similarly, an open-minded willingness to learn from other professions and sectors is vital if businesses are to remain one step ahead of today’s highly organized cyber-criminals.
