Traditionally, it’s not been unheard of for the information security function to be regarded by some as somewhat of a business inhibitor – the function that says ‘no’ and known for slowing business advancement down (for the sake of keeping data safe) rather than speeding it up.
Whether that has ever truly been the case is up for debate, but one thing that is clear is that with the speed and agility that organizations move at today, a modern security team simply can’t afford to fail to keep up with the wider business as it embarks on a variety of digital projects, launches and transformations.
In fact, it’s now imperative that security plays an integral part in ensuring such innovations are not only managed at pace, but also managed safely and with security at the fore. If that is done effectively, security can prove to be a business enabler, not only allowing businesses to mitigate potential economic threats by reducing risks, but it also allowing organizations to make informed decisions that give them access to growth opportunities.
Adam Philpott, EMEA president, McAfee, believes just that, and he recently spoke to Infosecurity Magazine to share his thoughts on how and why security can empower a business and facilitate progression and growth.
Generally, do you think security is considered a business enabler, or is there still a tendency to view it as a business inhibitor?
At McAfee, we see good cybersecurity posture as a business enabler. For that reason, businesses should look to build closer alignment between innovation and risk.
Business is about risk and reward but it is important to emphasize that security concerns should not be a reason to avoid or stymie innovation and improvement, but any step to implement new technologies must consider security from the outset to keep data secure and maintain customer trust. At such a critical time for UK businesses, innovation like this must be encouraged, with the security risks minimized.
What are the key business benefits of implementing good cybersecurity?
Good cybersecurity helps to unlock business growth, through the secure adoption of new, innovative technologies, which will give the company a competitive edge.
A healthy cybersecurity posture should not be a ‘nice to have,’ but rather a 'critical component of the business’ strategy. When C-level executives take a look at what’s at stake they would be quick to agree with this statement. This is because falling victim to a cyber-attack can not only cost businesses money, but also impact their brand reputation in the long-term – both of which can be disastrous for different reasons.
Implementing a strong cybersecurity culture minimizes the risks of data loss, profit loss, regulatory fines and negative publicity. In addition, it means less stress and fewer menial tasks to be performed by the IT department, which in many cases is already stretched.
What are the steps organizations need to take to ensure security enables their business, rather than inhibits it?
To effectively protect companies from cyber-threats, business leaders must foster a culture of security at all levels. Cyber-criminals are always finding new ways to attack businesses, exploiting vulnerabilities in technology and the humans that use it. As a result, business leaders today need to be multi-disciplinary. Whilst this doesn’t mean deep expertise, it does mean a deeper awareness of the nature of cyber-risks and how they can be addressed. Just as they are financially savvy, equally they must be cyber-competent.
The truth is that in today’s threat landscape, businesses must go beyond establishing baseline protocols to create and maintain a secure environment. Given the potential existential impact to the bottom line if a cyber-criminal manages to make it through enterprise defenses, cybersecurity should be a priority for every member of the C-suite. The key to achieving cyber -resilience within an organization is collaboration and understanding across the board. Business executives and cybersecurity experts need to find a common data-language to understand the risks and how to adapt in order to manage them.
The CEO and wider board need to build security into the vision and values of a company – working together to get all employees on board and foster a culture of cyber-awareness. After all, staff can be a company’s biggest vulnerability or its first line of defense. Similarly, management need to increasingly factor cybersecurity into their strategic decisions – whether that’s cloud migration, marketing new products and services, undertaking financial planning or signing partnership agreements.