It is always the right time to work toward improvement.
Whether you’re among the small contingent of Americans still pursuing their New Year’s resolution or an executive strategizing how to streamline operations, growth is a worthy target at which to aim. One goal for 2023 I encourage every business manager to set is to work daily to improve the cybersecurity maturity of your organization. The complexities of the threat landscape make doing so difficult to the point of approaching overwhelming. Fortunately, there are several strategies leaders can adopt to make optimized cybersecurity an organizational reality beginning today.
Abandon the Status Quo
In 1973, despite observing an aggressive movement of troops, the Israeli military was surprised by a sudden attack from opposing forces. The attack both catalyzed the ‘Yom Kippur War’ and led to the creation of a new strategy: The Tenth Man Rule. In basic terms, this strategy requires the final person within a leadership team to dissent from the prevailing point of view if it’s shared by all others to ensure opposing perspectives are considered. Boardrooms would be better served by adopting a similar methodology when it comes to decision-making, particularly regarding cybersecurity policies, processes, and partnerships.
It’s often beneficial to have a balanced scorecard and corresponding strategy map to follow and optimize performance metrics. But what falls outside of the ‘best practice’ purview is to never re-evaluate their contents. Just because a business has always acted following a specific playbook that has generally been effective does not mean it should never revamp or take a fresh look at cybersecurity.
Even if your business has never experienced a debilitating cyberattack, there is danger in assuming that your current cybersecurity posture is what’s keeping you safe. While you may be doing everything right, regular audits of your cyber maturity should be part of an ongoing process. I encourage leaders to challenge the status quo—do not rest on your laurels amid a chaotic threat landscape—and ensure you are maintaining a position ahead of threat actors’ developments. Seek out the perspective of the tenth man every time.
Expand and Deepen Strategic Partnerships
What a Tenth-Man Review will likely reveal is there are some gaps and vulnerabilities within your organization that, when exploited, will completely disrupt operations and put client data at risk. These disturbances, however, can be greatly mitigated with the proper proactive measures.
The chances are your business model does not include a designated internal cybersecurity team who engages in a continuous cycle of active monitoring and threat remediation. Nor should it. Entrepreneurs launch businesses because we’ve found a niche in the market, created an opportunity, followed an internal passion, or built a better mousetrap. Unless cybersecurity is the core business focus, cybersecurity is rarely at the forefront of strategic development.
As such, it’s vital to identify areas of cybersecurity your firm cannot optimally develop in-house and invest in building partnerships with experienced professionals. Providing industry-leading cybersecurity is a 24/7/365 endeavor that not every entity can create or manage for itself. If your business lacks the capabilities and capacity to maintain a team who can do the work day in and day out, the responsibility of cybersecurity should be offloaded.
Acknowledging areas of weakness is a strength. Because cybersecurity is a 24/7 uncompromising commitment to those whom you serve and whose data you house, building a sub-optimal defense should not be a consideration.
Elevate Collaboration Enterprise Wide
Collaboration is one significant component of strong cybersecurity practices. Whatever your business’ relationship with a cybersecurity team—in-house or outsourced partnership—it’s a necessity to ensure they work hand-in-hand with those responsible for establishing the acceptable risk posture for the organization enterprise-wide. Simply outsourcing without questioning, verifying, or learning along the way how your environment is secured is not an acceptable response.
Whomever you have tasked with internal cybersecurity processes and policies, whether it be a CISO or IT Manager, they must be on a first-name, direct-line basis with someone on your cybersecurity team. By maintaining regular contact with your cybersecurity team, you’ll receive consistent updates regarding the threat landscape and industry best practices. Outsourcing cybersecurity does not mean taking an entirely hands-off approach; it more accurately means collaborating with a team of experienced engineers and analysts in a trusting and mutually beneficial relationship.
The nature of the threat landscape is unpredictability. The mitigation strategies of challenging the status quo, building strategic partnerships, and strengthening organizational collaboration will go a long way in re-focusing your core business processes and strengthening your cybersecurity posture.