{"id":15294,"date":"2021-03-15T19:16:45","date_gmt":"2021-03-15T13:46:45","guid":{"rendered":"https:\/\/cigniti.com\/blog\/?p=15294"},"modified":"2023-12-19T17:10:02","modified_gmt":"2023-12-19T11:40:02","slug":"cxos-modern-cybersecurity-practices","status":"publish","type":"post","link":"https:\/\/www.cigniti.com\/blog\/cxos-modern-cybersecurity-practices\/","title":{"rendered":"Why CxO\u2019s Must Embrace Modern Cybersecurity Practices"},"content":{"rendered":"
To stay ahead in business, digital customer experience transformations have become mandatory. Cutting-edge digital experiences across every device are every customer’s need of the hour.<\/p>\n
To fulfill their digital transformation requirements, enterprises are leveraging technologies such as Artificial Intelligence (AI), Machine Learning (ML), and the Internet of Things (IoT). They are implementing Design Thinking and Lean approaches.<\/p>\n
While digital transformations are imperative, they do not come without a risk. New digital processes produce humongous data and generate a dizzying array of cybersecurity<\/a> risks.<\/p>\n Consequently, it will be wise for any enterprise embarking on the digital transformation of their customer experience to have cybersecurity as an integral part of their culture.<\/p>\n According to John A. Wheeler<\/em><\/strong>, Senior Director Analyst at Gartner<\/em><\/strong> Research & Advisory, \u201cBy proactively assessing risk appetite and the value of the desired business outcome, Chief Information Officers\u2019 (CIO\u2019s) and Chief Information Security Officers\u2019 (CISOs) can transform digital risk management into a competitive advantage.<\/em><\/strong>\u201d<\/p>\n Digital business has created a new ecosystem where partners add new business capabilities and security complexities.<\/p>\n For the business to move forward, there is a need for CISOs to strike a balance between what is needed in a security program and the risks to undertake. There may be missed opportunities if this balance is not meted out.<\/p>\n Gartner<\/em><\/strong> states, \u201cBy 2023, 30% of chief information security officers\u2019 (CISO\u2019s) effectiveness will be directly measured on the role\u2019s ability to create value for the business<\/em><\/strong>.\u201d<\/p>\n CxOs must strategize the need to reinvent security. While we move to the new decade, it is the perfect time to assess potential threats and take stock of the current security structures.<\/p>\n To develop flexible approaches that avoid current limitations, identify business-relevant objectives, and take a fresh look at security management.<\/p>\n There is a need for CIOs and CISOs to drive security investments that directly impact business outcomes and engage executive decision-makers to change how cybersecurity<\/a> is treated in the organization.<\/p>\n According to Paul Proctor<\/em><\/strong>, VP Analyst, Gartner<\/em><\/strong>, \u201cThe stories we\u2019ve seen during the COVID-19 outbreak are the latest example highlighting the failed approach to cybersecurity many organizations take. While executives were focused on ensuring compliance and stopping hackers, simple opportunities like enabling secure remote access technologies, which have a much larger business impact, were ignored. Now, organizations are scrambling to catch up<\/em><\/strong>.\u201d<\/p>\n An ineffective approach to cybersecurity often leads to bad investments and poor decisions.<\/p>\n <\/p>\n A few challenges that limit cyber security’s impact on business, as put forth by Gartner \u2013<\/p>\n The COVID-19 disconnect is a wake-up call for CIOs, CISOs, and IT executives about the critical need to address cybersecurity as a business decision in a business context.<\/p>\n Identify the business context of your organization to create a business context around cybersecurity. While every organization has costs and budgets, sources of customers and revenue, desired outcomes, and supporting business processes, each component comes with critical technology dependencies.<\/p>\n Identify how technology maps back to them and understand the organization\u2019s business outcomes and most essential processes. Shift towards an outcome-driven approach to cybersecurity using the business context as a guide.<\/p>\n This approach is a governance process where investments and priorities are determined based on their direct impact on protection levels in a business context. It also helps the organizations understand how well they are protected.<\/p>\n According to Tom Scholtz<\/em><\/strong>, VP Analyst, Gartner<\/em><\/strong>, \u201cThe objective is to provide an ecosystem that balances the imperative to protect the enterprise with the need to adopt innovative, risky new technology approaches to remain competitive<\/em><\/strong>.\u201d<\/p>\n Scholtz<\/em><\/strong> further adds that success is dependent upon CISO\u2019s willingness to adopt a new set of trust and resilience principles:<\/p>\n Embracing the above principles requires CISOs to deviate from perceived security conventions and best Cybersecurity practices.<\/p>\n To be able to protect their organizations at the speed of digital business, Gartner recommends the CARTA<\/strong> approach \u2013 Continuous Adaptive Risk and Trust Assessment<\/strong>, which creates a security and risk framework that can be applied in 3 phases \u2013<\/p>\n While preventing data breaches and protecting against security threats and other enterprise cybersecurity threats, a resilient cybersecurity<\/a> strategy is essential to running the business.<\/p>\n Per Gartner<\/em><\/strong>, by 2023, 75% of organizations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from fewer than 15% today.<\/p>\n In the absence of a new strategy for cybersecurity, simply increasing the size of the cybersecurity spending may not be sufficient to cope with the magnitude of the threat at hand.<\/p>\nAddress failing cybersecurity approaches<\/h2>\n
\n
Create a business context around cybersecurity<\/h2>\n
Upgrade your risk and security perspective<\/h2>\n
\n
\n
Conclusion<\/h2>\n