CIO Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

CIO

Proving ROI in cyber security

960 640 Guest Post

Research shows that almost half of businesses have reported cyber security breaches or attacks in the last 12 months. Amongst these businesses that identified breaches or attacks, more have experienced these issues at least once a week so far this year.

Moreover, the unprecedented events of recent months have seen the number of attempted data breaches continue to rise, with cyber hackers using the increase in remote working and individuals’ fears over the coronavirus to their advantage. In fact, a survey showed that 50% of organisations were unable to guarantee that their data was adequately secured when being used by remote workers.

The issue is serious and many businesses are stepping up their cyber security strategies accordingly, with CIOs and their teams increasingly taking a seat at the executive board table. But one thing is still lacking: cyber security ROI. To truly engage with a strategy, board members need to see ROI from every department of an organisation, and cyber security is not exempt from that. However, demonstrating business value in areas such as compliance, risk management or data assurance, has always been challenging. 

Consequently, data security has historically been looked upon as a necessary cost of doing business. However, this no longer needs to be the case. As CIOs, CISOs and network security teams mature into their C-Suite role, proving the value of data security is now both a realistic and achievable corporate objective. Frank Richmond, Vice President Sales Europe, Certes Networks, explains just how CISOs and CIOs can get the Board on board… 

Cyber security as a strategic investment

Today’s current network and data security approaches focus primarily on keeping the cyber hackers out with threat detection and vulnerability management at the core. But modern CIOs and CISOs want – and need – more than this when reporting to the Board; they want “provable security”.

Securing data should be a strategic investment in an organisation’s risk strategy and should quantifiably contribute to the overall value of the business. CISOs expect their network security teams to be equipped with tools that will enable them to make real-time changes to applications based on observable network flow. They want to see that securitypolicies are being enforced properly and, most importantly, prove that their security strategy is actually effective.

To put this into practice, cyber security should be quantifiable, measurable and outcomes-driven. It shouldn’t just be a case of successfully keeping a cyber attacker out of the network after a single breach; a successful cyber securitystrategy is effective only when it is continuously putting data security first and measuring impact against key performance indicators (KPIs) that will instantly show Board members how imperative the strategy – and the technology behind it – really is.

In order to truly demonstrate the effectiveness of the organisation’s security strategy, CIOs and CISOs need to be able to visualise and understand their data, the associated applications, workloads and behaviour, with real-time contextual insight. This, in turn, will enable this understanding to be passed on to other executive Board members. 

The real value of cyber security

Armed with this insight, organisations can then take actionable steps not only to measure the effectiveness of their security strategy, but to gain deep understanding into how to enhance their security posture and to manage and enforce policies. With a data-driven approach to cyber security, the guesswork can be removed and CISOs and CIOs will be able to clearly demonstrate to the Board that ROI has been achieved.

With buy-in from the Board, data security is now more than a ‘necessary cost’, and is instead a fundamental of business operations. The businesses that succeed in enforcing this way of thinking will then truly be able to continuously evolve their cyber security practices to keep their data safe.

Coronavirus: Business Continuity During a Global Crisis

960 640 Stuart O'Brien

By Nicole Alvino, Cofounder and Chief Strategy Officer, SocialChorus

We’re living through an unprecedented time, globally and for how long, none of us are that sure. While the new coronavirus may seem like a singular threat, dealing with crises is a fact of doing business—one companies can expect to encounter with increasing frequency. According to PWC, 69% of businesses had experienced a crisis in the last five years even before COVID-19, and the most disruptive causes of crises in the U.S. were natural or environmental. 

Under these conditions, it’s likely that your company already has crisis management and business continuity plans in place. But what should you do to ensure your infrastructure is robust enough and capable of helping you to reach all your workers?

There are five critical challenges that CIOs will face as they try to utilise their stack to reach employees. If you’re a CIO, then you know that you’re the best equipped person in your executive team to plan for business continuity but to be successful you’re going to need every person, across the entire business to understand your plans. Ultimately, your company is looking to you to:

·       Establish a source of truth for your company and communicate with one voice, so employees can separate rumours from facts and trust what they’re being told

·       Reach every worker on every digital channel with the targeted, personalised information they need to respond in an emergency

·       Use intelligent automation to certify message delivery, prompt response, and make sure your crisis communications are not just read but understood

·       Track the success of crisis initiatives and measure the effectiveness of your communications using in-depth analytics

·       Be prepared for emergency situations during COVID-19 and beyond – your stack and your workforce need to prepared for every twist and turn during this pandemic.

As you and the senior leadership team implement your crisis communications strategy you (and they) will ask whether you can reach every employee on every digital channel, even those that are deskless. And can you reach them with personalised, up-to-the minute information that they need? You’ll need to ensure that whatever communications technology you use, whether it be SharePoint, Slack, Zoom, Teams, mobile apps or others, that you can consistently reach and broadcast your company’s messages to all.

One thing we’re hearing is that people are overwhelmed with communications. On average a worker receives 120 emails per day, that’s not counting the ones via other channels such as Slack, IM or Teams. Now consider that your people, like you, are also getting bombarded by emails from school, IM from friends and family and messages via Facebook and WhatsApp. There is an information overload going on so whatever you do, you need to make sure your messages reach people urgently and that they can review them promptly. Our latest paper on CIO Crisis Communications takes you through several steps on how to reach all employees, across all channels, consistently.

Consistency from your business will help to establish trust in your message, especially if you’re able to deliver it immediately to all. And that’s of paramount importance. You don’t want workers in the London office getting communications three hours later than those in Paris or Madrid, or the other side of the world for that matter. All employees are equal, and all deserve to be communicated with, no matter where they are. They may consume your communications in different ways so use your different channels to reach all.

You’ll also need to judge how many times you communicate. Don’t hassle people as we’ve said, they’re inundated with messages already. If you need to know that they’ve received a critical message or piece of advice, then track acknowledgements or read receipts. Then you can take further communications actions with those that are unresponsive and not send repeat messages company wide.COVID-19 is changing the way we live and the way we work. In a world where change seems to be the only constant be the consistent voice across your organisation. Your emergency plans may need to be tweaked over the coming weeks, your infrastructure might need to be extended to ensure your reach is truly companywide but remember it is the companies that manage this situation well that will thrive through the chaos.

Image by Thor Deichmann from Pixabay