Back @ IT Show artwork

How A Cybersecurity Framework Creates New Business Value

Back @ IT Show

English - May 05, 2022 13:19 - 36 minutes - 50.1 MB
Technology Business enterprise ai technology business acceleration decisions digital business digital transformation opinion business applications automation Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: What Google Cloud’s BigLake Means from a Data Scientist’s Perspective
Next Episode: Unlocking the 5G Potential: Exclusive Interview with Verizon Business CRO Sampath Sowmyanarayan

For far too long, cybersecurity has been viewed as a cost center instead of how it can build real value for businesses. This has led to bad decisions, wrong tech investments, and putting the wrong people in certain positions.

Further, cyberattacks continue to increase in volume and sophistication. If your company is already in a bad state, the cyber-threats will exacerbate the issue and increase the speed of the company’s downfall.

So, what are some of the best ways to help be prepared? How can we develop a cybersecurity mindset from the C-suite on through the rest of the organization?

To help me answer these questions, I’m joined by Robert Wood. Robert is the Chief Information Security Officer for the Centers for Medicare & Medicaid Services, a fellow Acceleration Economy Analyst, and co-host of the Cybersecurity as an Enabler channel and speaker at the upcoming Cloud Wars Expo event.

Highlights

01:45 — Robert wrote an article discussing how security teams can build value. Oftentimes, building value can be challenging for security teams due to issues of communication.

03:50 — Security teams and leaders need to embrace what and how their organization does to provide value for its stakeholders. With that, they should be considering what positive and even negative impact they can have in the process of delivering value.

05:05 — There needs to be a change in perspective and a zero-trust mindset. Whether or not an action is intentional, the actions of security team members can impact the downstream of delivering value to customers.

07:40 — Is it difficult for security teams to address certain stakeholders without getting too technical? A lot comes down to how the security team communicates.

09:45 — Cybersecurity can become very complicated. Although security has been around for a while, there is still a newness factor when it comes to cybersecurity. This newness factor should be a foundational thing that is discussed at all levels and integrated into all parts of an organization.

11:00 — There are great tools available that can improve security processes. How can security teams balance the overload of tools and stay on top of their responsibilities?

12:10 — The Ambidextrous Organization is a model that Michael Tushman at Harvard introduced. It can be used to evaluate how your organization is extracting value through its operations and how it’s exploring new ways to add value.

13:20 — Sounil Yu has developed a framework called the Cyber Defense Matrix. Essentially, it’s a NIST cybersecurity framework, which involves identifying, protecting, detecting, responding, and recovering. It also includes different asset classes. This can also help identify redundancies.

15:40 — Having a framework or structured way to look at your portfolio is important, as it can better demonstrate your unique solutions.

18:00 — With a rising number of cyberattacks per week and per organization, AI and machine learning tools are playing a role to complement cybersecurity efforts.

22:05 — AI models can learn from scenarios and create synthetic data to create new cybersecurity models.

23:40 — Cybersecurity gets decision support in a variety of ways.

24:20 — President Biden had released a statement about national security. He put an emphasis on better collaboration between the federal government and private sector, critical infrastructure owners, and operators. Further, he suggested they must accelerate efforts to lock their digital doors.

25:30 — A major part of better working together and managing collective risk is to continue talking about it to create awareness, maintain people’s focus, and encourage action.

28:30 — Everyone in security should be critically thinking about value—what value does your team bring, but what value do you, as an individual, bring to the organization?

30:45 — Before jumping into AI and machine learning, it’s important to have a good data strategy as well as the right tools, framework, and ecosystems in place. Having a data mindset shift is foundationally important.

33:27 — Also, think in a collective mindset in terms of how you, your team, and your organization are adding value to the broader community.