As we wrap up Cybersecurity Awareness Month, organisations of every size should be looking to make cybersecurity a priority and not just an afterthought. Here, Salesforce's Jay Hira, Security and Compliance Advisor, and Mark Gabriel, Platform Value & Development Executive, share their insights about what to consider when building a cybersecurity strategy that will stand up in 2022.

 

With 43% of reported data breaches in Australia resulting from cybersecurity incidents, there has never been more of an imperative for businesses to turn their attention to the security of their network and platforms. 

For some businesses, it might mean starting from scratch, and for others it might mean reviewing old policies and legacy systems to ensure they are meeting the demands and potential challenges of the new work-from-anywhere world. 

Building resilience into cybersecurity strategies, making security part of a customer-centric experience, and looking to collaboration to fight future cybersecurity threats are key ingredients for a successful cybersecurity strategy in 2022.

Cybersecurity is broadly built around three pillars: confidentiality, availability and integrity. One trend we are witnessing is that while confidentiality and availability generally get plenty of attention, a focus on integrity is often lacking. And yet it plays an equally important role in security. Organisations need to be asking themselves what sort of controls are built into a platform to make sure the information that’s entered has the appropriate integrity, and what sort of controls are available to ensure the integrity of the information on the platform can’t be compromised. 

The second trend is that the way we view cybersecurity has shifted. Traditionally cybersecurity was viewed through the lens of a ‘castle and moat’ methodology which involved paying attention to the perimeter or the fence. But with working remotely now the norm and data available simultaneously across myriad channels, there is no perimeter. Instead, there is a move toward zero trust whereby every time a user, system or network asks for access to information, it must be verified and validated before it’s trusted.

Both of these trends coincide with big changes in the way consumers and employees are engaging online. We’re seeing information being shared more freely as well as being accessed from anywhere on multiple devices. 

The challenge for businesses of all sizes then is how to capture and provide access to sensitive information securely, and scale rapidly without disrupting the user experience.

Demonstrate the business value of a cybersecurity strategy

Cybersecurity can significantly impact revenue security, net promoter score and customer success. And with customers more security savvy than ever, protecting your brand from the reputational damage of a breach is essential. 

So it’s critical that cybersecurity have a seat at the table when it comes to talking to the board – not just being a messenger who passes on information to the CIO or CTO who’s representing them. Cybersecurity leaders need to take a proactive approach to demonstrating business value as opposed to responding through a historical lens in a reactive way. 

An important way to secure that seat at the table, is to consider the language that’s used. The language of cybersecurity is very niche and can sometimes be alienating. So there’s a need to start focusing on simplifying that lingo and translating it into the language of risk, such as revenue impact, customer experience and trust, which is understood more clearly at an executive level. 

Educating staff about security risks is also paramount. While data breaches resulting from human error (like phishing) decreased so far this year, they still account for 30%. Organisations can reduce this risk by educating staff about secure information handling protocols and putting technological controls in place.

Cybersecurity requires a fresh focus on resilience and collaboration

When it comes to cybersecurity attacks, it’s not a question of if, but when. They are inevitable. So think about your cybersecurity like it’s a pro boxer. It’s going to get punched – that’s a given. But how quickly can it get back up on its feet? How does it respond to the punch? What’s its next move? Moving forward, we see cybersecurity becoming less about protective controls and more about building resilience capabilities and focusing on detecting, responding and recovering. 

But is it a fair fight? Rarely. And that’s because there’s greater collaboration and innovation among cyber threat actors. Whereas an organisation’s cybersecurity team is just trying to protect themselves. We are not yet collaborating with businesses, across industries or across the public and private sectors. And that is something that must change. Collaboration will give organisations the power not just to get back up on their feet and recover, but also to anticipate the punch before it lands. 

Just as transparency is crucial to gaining customer trust, so too must transparency play a greater role between organisations so a common threat can be tackled together rather than in isolation.

Make cybersecurity customer-first

Organisations must allow their customers to contribute their sensitive data in a way that’s easy for them. Traditionally, security has worked from the inside-out which often results in a poor user experience. A customer-first approach would flip that around to create an outside-in model which prioritises the customer experience and makes security an enabler of a positive customer experience, rather than detracting from it.

Transparency is key to that experience, and with 86% of consumers wanting more transparency over how their personal information is used, there is an opportunity here for organisations to use security as a competitive advantage. 

The demand for transparency is set to intensify as organisations request more and more sensitive data, especially that relating to health records and location tracking. The challenge for organisations then is to earn the trust of their customers through transparency and clarity about privacy and security, protect the data they collect with robust cybersecurity strategies, and stay compliant with the changing regulations of a post pandemic environment.

Gain more insights into enhancing your data and cybersecurity strategy by downloading the IT Leader's Guide to Data Security and Governance.