How to Lead the Way with Cybersecurity Strategies


Product leaders are pivotal in supporting cybersecurity initiatives within organizations. As the driving force behind strategic decision-making and organizational culture, leaders set the tone for prioritizing cybersecurity and allocating resources to safeguard digital assets. They accomplish this by championing a proactive approach to cybersecurity, emphasizing its importance as a strategic business priority rather than merely an IT issue. Leaders foster a culture of cybersecurity awareness and accountability across all levels of the organization, promoting best practices and encouraging employees to remain vigilant against cyber threats. By demonstrating a commitment to cybersecurity and providing the necessary support and resources, leaders can empower their organizations to effectively mitigate cybersecurity risks and safeguard against potential threats.

Cybersecurity attacks are on the rise. Cobalt predicts that by 2025 cybercrime costs will rise to $10.5 trillion. In addition, according to a 2023 Voice of SecOps report, 75 percent of security professionals said they had witnessed an increase in cybersecurity attacks in the prior 12 months, with 85 percent attributing this rise to cybercriminals using generative artificial intelligence (GenAI).

Consequently, more C-suite executives have either taken on or need to take on more significant roles in understanding how security works within their companies. That knowledge has extended to new regulations and requirements that, while evolving, already include the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) laws. These have become crucial, particularly in light of multiple attacks on various financial service institutions, including the residential mortgage company Mr. Cooper, which was hit by a suspected ransomware attack in October 2023. The attack impacted 14.7 million customers whose personal data was stolen, costing $25 million in response and recovery costs. The company shut down multiple systems following the attack, which prevented people from making payments, and Mr. Cooper had to set up alternative payment methods.

A holistic approach

It’s imperative for cybersecurity to be incorporated as part of a company’s overall business strategy. Companies can best serve their workers, customers, and bottom line by taking a holistic approach to cybersecurity. That includes focusing on proactive strategies, such as continuous monitoring of potential threats to address high-end critical security vulnerabilities and managing the inventory and applications on their servers to respond quickly to attacks when they do occur.

In Verizon’s 2023 Data Breach Report, Managing Director of Cybersecurity Consulting at Verizon Business Chris Novak noted, “Senior leadership represents a growing cybersecurity threat for many organizations. Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Companies can take various approaches to mitigate these issues. One such strategy involves quarterly software development planning with leaders from other teams, including sales, product marketing, and quality assurance managers. This creates an opportunity for developers to discuss potential security issues, prioritize, and address all possibilities upfront.

This approach underscores the motto, “You can’t secure what you can’t see.” That translates to having an inventory of the environment and a broad understanding of the company’s network. If a company wants to solve a problem, it first needs an overall picture of that problem. Otherwise, it can fall into the trap of addressing symptoms but not the root cause.

A proactive approach

The budget and cybersecurity strategy are the primary drivers for tackling these issues. It is critical for organizations not to invest all funding solely in technology. While it’s essential to invest in cybersecurity technologies such as an intrusion prevention system (IPS), an intrusion detection system (IDS), network security, data protection, endpoint security, and identity and access management systems, an additional critical strategy is to invest in the appropriate workers who can consistently focus on potential threats and adapt accordingly.

In addition, all security protocols benefit from a top-down approach. Organizations have a better chance of staying on top of concerns by making cybersecurity a company-wide priority, as its importance cannot be overemphasized. That includes openly discussing cybersecurity strategies in all-hands meetings. Leadership can achieve a security-first mentality by putting it at the forefront of company culture weekly or daily. By doing this, company members will understand how a potential breach can affect the entire business, from potential job losses and the financial impact to the effect on customers.

When everyone in the company understands what they are working toward, it creates a “one team” mentality, with accountability for what is being worked on, and team leaders can create a safety net to support employees even when things go wrong. This is achieved by empowering employees and ensuring they all collaborate across different teams rather than everyone working in silos. Another way to bolster this holistic approach is by having key performance indicators (KPIs) for employees to work together to achieve goals.

While many companies invest in hybrid or multi-cloud solutions, it is essential to manage them correctly. This requires keeping the approach simple by investing in one or two tools instead of many tools, identifying gaps in the system, and working with the technology vendor to address those gaps. The more a company can streamline its tools, the more likely it can secure the environment early.

Of course, all the preparation in the world can’t halt a breach. Being prepared with a proactive approach, including a clear incident response plan, can mitigate the effects of a breach. The onus is on leaders and information security teams to understand the importance of collaboration and have one clear, strategic plan for their incident response that includes a detailed plan to fix vulnerabilities and incorporates the right networks, access privileges, and network segmentation.

Preparing for the future

Unfortunately, attacks will continue to occur, and it’s critical for companies to make significant investments to protect their customers’ data. This includes adopting zero-trust architecture, especially with the likely considerable explosion in the Internet of Things (IoT). This will require companies to have inventory visibility in their networks and know how to build cybersecurity strategies around that visibility. In an April 2024 interview with Information Week, Wayne Mattadeen, Deloitte’s risk and financial advisory unit’s zero-trust leader, noted, “From a cybersecurity perspective, a zero-trust architecture can reduce an organization’s attack surface, making it more resistant to attacks and more resilient to compromise.”

Companies can more effectively handle cybersecurity issues, from job losses to the negative financial impacts on customers, when all employees know what they are working toward. Facilitating collaboration, empowering employees to move out of silos and work together, and investing in a “one team” culture that supports them should something go wrong are the best ways for leaders to address potential breaches head-on and provide security for companies and customers alike.

About Anil Mahale
Anil Mahale is an accomplished cybersecurity leader with more than 15 years of experience. He is currently a director of engineering and oversees a zero trust/network segmentation product line and platform engineering for a network security business unit. Anil has successfully led numerous high-impact projects throughout his career in both offensive and defensive security across numerous product lines and infrastructure. He was one of the chief developers of UCSniff, a vulnerability assessment tool. Active in the cybersecurity community, he is a fellow at BCS, a senior member at IEEE, and leads the OWASP Dallas chapter. Anil holds a master’s degree in computer science from the University of Texas at Dallas.