Remember that story about constructing the Tower of Babel? Things started out great. And then suddenly everyone was speaking a different language. With no way to communicate, they had to abandon the project.
Developing cybersecurity plans for your organization is a lot like that. On the business side, managers are thinking about profitability, customer retention, productivity, and the like. But on the technology side, managers are focused on firewalls, ransomware attacks, phishing scams, and other security breaches. In the end, they have trouble moving forward because they aren’t speaking the same language.
Ironically, both groups have the same goals in mind—business continuity, asset protection, and other factors that make a business thrive. So, how do they come to agreements?
Working from the same blueprint is becoming increasingly critical with today’s intensifying criminal activity online. For most organizations, it’s just a matter of time before they become victims. If they’re lucky, the attack can be minor. But those chances are diminishing as cybercrime evolves into a lucrative multibillion-dollar business all its own.
You Can Lose Even If You Pay Them Off
Attackers can shut off access to an organization’s network and demand a ransom payment. Sometimes, even if the ransom is paid and access is granted, the files may be stolen or corrupted. Thieves can break into customer records and steal vital information, compromising identities and credit ratings—along with a company’s reputation. Painstakingly developed intellectual property can be hacked and sold to the highest bidder.
Meanwhile, cybercriminals are clever enough to break into unsecured servers or computers, send out their attacks from there, and disappear within a few minutes. They often operate in dispersed teams across the globe, making them difficult to prosecute or even to track.
This is no longer a case of simply using password protections. Now with phishing, social engineering, and other insidious attacks, almost anyone in the organization—including supply chain, partners, distributors, and customers—can be a weak point. Rather than just using perimeter protections, organizations now must harden almost every level of potential access.
Create Common Security Goals
With all that in mind, it’s become essential for managers from across the organization to develop common security goals and to integrate their priorities. No longer can an IT manager rely on obtuse “tech talk” when making a request of business management for additional security specialists. And no longer can business management deny that request simply because “we hired a tech guy last month.”
Rather, they must act as one team:
- They must ask themselves what assets and capabilities they risk losing, what a loss could cost the business, what controls are in place, and whether those controls are working.
- They must catalog and prioritize the assets, uncover potential risks and threats, and stay updated on new risks.
- They must stay updated on any new requirements and regulations, and on new assets/capabilities deployed by their organization.
- They must evaluate the security team and its skills (including skills gaps), fill those gaps with people who have critical skills, and ensure that their training is current.
- They must ensure that their “bench” covers all the necessary positions or that they have an outsourcing plan to cover them.
- And they must build, deploy, and enforce security measures throughout the organization.
After deployment and implementation, enforcement is absolutely essential because the weak point in almost any organization is its people. So everyone must be trained to recognize a potential attack and to alert management.
If that sounds daunting, Cisco has created a free downloadable white paper, “IT and Business Management Roles in Cybersecurity,” and a checklist to help management (both business and technical) work through these issues and begin to develop a workable plan that meets the mission-critical needs of the entire organization.
Yes, it does take work. But what are the very real, long-term losses if those measures are not taken?
Donna Maurillo is a content manager at Learning@Cisco, creating white papers, blogs, website content, and other materials. She has a lifelong career in public relations and corporate communications. Her goal is to highlight the many benefits of a connected environment.