Two Strategies You Can Use To Reimagine Cybersecurity Without Looking Like An Amateur

Words are power. They have energy, and whether we’re speaking, reading, or exposing ourselves to them, we can use them to build relationships, increase knowledge, and drive action. We can use them purposefully, intuitively and strategically. For good and for bad.

Consider one of the most relevant words of the moment, crisis. Most dictionaries define it as: 

  • A time of intense difficulty or danger.
  • A time when a difficult or important decision must be made.
  • A situation when people become less confident and start to worry.
  • The turning point of a disease when an important change takes place, indicating either recovery or death.

All of these definitions accurately describe what’s occurring now. But as a leader who’s coping with the current crisis, Covid-19, the last thing you need from me right now is a pep talk on how to manage it. What you do need is practical guidance on cybersecurity, and specifically how to defy the odds, seize an opportunity and emerge from today with certainty and strength. So, I’m going to walk you through what I’m seeing cybersecurity leaders do, and two strategies you can use to reimagine cybersecurity without looking like an amateur.

I’ll be looking at what’s sacred, what needs to be reset, reinvented or reimagined. Now, this is important, because thanks to Covid-19, whether you know it or not, you’re now a part of a humungous test that’s shaking the foundations of society, business, and technology. Many of the changes you expected to be eased into over the next few years are here now, and as we move through this crisis, we’re all going to see a new normal emerge. Leaders will adapt, behaviours will change, and innovation and dissolution will be on speed.

Competition is going to be intense, too, and your visible contribution is going to be more important than ever. Some people will find this period easy and they’ll thrive during it. Others won’t, and they’ll struggle and buckle under the stress. You’ll hear thought leaders like Dan Pink, Klaus Schwab and Satya Nadella speculating on whether it’s a message from the future, the bonfire of blinkered capitalism, or even a shift from hierarchies to wirearchies.

Whatever you believe, thanks to the crisis one thing is certain – we’re now going to see a huge unmasking of our dysfunctional ways. It’s as if someone has literally taken a great big highlighting pen and run it over our people, processes and technologies. Everyone is affected, and that's why now is the perfect time to re-evaluate, collaborate, strategize, and do things properly.

With cybersecurity covering attacks and compliance failures, and Europol recently warning how cybercriminals are exploiting employees working remotely during Covid-19, the number of cyberattacks is rising.

Just consider where we were before Covid-19. Then, imagine what will happen if we don’t take the right action now, when our adversaries are making the most of our unreadiness.

Smart cybersecurity leaders recognise the opportunity that’s available to them and are purposefully creating diverse teams – teams who have diversity of experience and thinking, and who can help them to uncover missed risks and to not be so blindsided. They’re asking, where are we fragile, when are we dependent, and what are the consequences? And, faced with so much uncertainty and fluidity, they’re applying one of two strategies to improve new realities.

Let’s look at them.

Strategy #1 is short-term – typically anything from 90 days to six months. It’s used by leaders who are unable or nervous to invest in large-scale, multi-year, transformational programmes. Here, they’re applying spring cleans and making incremental small steps to improve. It’s where you’ll see them focusing on the things that are sacred, things that can make a huge impact to their security posture, like the 10 steps to cybersecurity hygiene. According to research from CESG (the UK Government National Technical Authority for Information Assurance), 80% of cybersecurity attacks originate from poor cyber habits, so getting the basics – the fundamentals – right would dramatically reduce an organisation’s cyber risk exposure. It’s a solid way forward, especially when budgets are reduced or delayed, as many are.

Using marginal gains is a strategy Dave Brailsford, the General Manager and Performance Director for Team Sky, Great Britain’s professional cycling team, used to lead his team to consistent Olympic gold medal success. He refers to it as being,

“the 1% margin for improvement in everything you do.”

When David became Head of Team Sky in 2002, there was virtually no record of success. In fact, the British team had only won one gold medal in the last 76 years. He wasn’t deterred, though. He believed that if you could improve every area related to cycling – the critical success core areas – by just 1%, then those small gains would add up to a remarkable improvement. Fascinated with process-improvement techniques like Kaizen, a long-term approach to work that systematically seeks to achieve small, incremental changes in processes in order to improve efficiency and quality, he wanted to focus on progression, and compound the improvements.

So, he started by optimising the low-hanging fruit – the nutrition of his team, their weekly training programme, the ergonomics of the bike seat, and the weight of the tires. Then, through experimentation, he searched for 1% improvements in other areas. He found small improvements to aerodynamics by examining wind tunnels, eliminated impurities that were found to be accumulating on the track floor, and reduced infections and illness by hiring a surgeon to teach their athletes about hand washing and food preparation. When he discovered a pillow that offered better sleep, he ensured his team used it, even if they were staying in hotels. He searched for 1% improvements everywhere. And the results paid off.

So, before we move onto the second strategy, please consider turning things upside down. Stretch your mind to think small not big. Focus on the system not the goal. The habits rather than the outcomes. Improving by just 1% doesn’t require much energy. It isn't notable, often isn’t noticeable, and as a result can be less risky. And we like that in cybersecurity! ;)

Small wins and marginal, slow gains are powerful and hugely transformational. So, reimagine security. What can you do? Can you …

…Plan 1% better? Prepare 1% harder? Think 1% further? Research 1% deeper? Execute 1% better? Learn 1% faster? Think about where you can apply the strategy backwards, too. For example, can you proofread 1% slower? Work 1% less?

Think about the impact of this. Better still, measure it. I promise you, it’s where the magic happens, and the difference between pretty good and great.

Strategy #2 is long-term. It’s where you’ll find cybersecurity leaders who are not concerned with fighting the old but building the new. They’re interested in innovation, scale, speed, and agility and it’s here where you’ll notice the difference. They’re applying a ‘bend, but don’t break’ approach which marries the disciplines of cybersecurity, business continuity and resilience. They want cybersecurity to be done properly – to be integrated throughout the business rather than centralised and siloed, and with effective executive presence they can get buy-in to achieve that. That’s why they’re able to roll out effective security awareness training programmes, collaborate successfully with peers and partners, drive automation and workflow integration, scale cybersecurity technology investments; deploy advanced technologies like artificial intelligence (AI), machine learning (ML), and Security Orchestration Automation and Response (SOAR); and move to the cloud or other virtual environments.

Whichever strategy is used, know this. Cybersecurity leaders are streamlining tools, reducing suppliers, demanding more added value and expecting faster returns on their investments. Their goals are set on how quickly they can detect a security breach, contain it, mobilise their response, and recover operationally. And that’s why they have to focus on the three pillars of strength – people, processes and technology.

On 7 August, at 10.30 am BST, I’ll be chairing a discussion with Perry Timms – renowned blogger, global speaker and TEDx speaker on the future of work. Perry is going to act as the ‘voice of the customer’ and will be joined by Nowcomm Co-founders – Richard McLoughlin and James Baly, and Head of Services, Kevin Prone. It’s going to be unlike any other masterclass you’ve attended or I’ve held. I’m excited to let you know about it.

Please come join us to understand the importance of culture and operations in reducing your organisation’s risk in today’s digital world.

Register here now – https://bit.ly/NowcommMasterclass1

Aimed at C-Suite executives (CEOs, CIOs, CTOs, CFOs), and particularly HR directors who are responsible for corporate culture and people governance, this masterclass lets you hear from industry experts who’ll be discussing the top cybersecurity challenges digital organisations are facing right now, and how critical people and culture are in driving the present and future security of business.

Here's what we'll be covering and what you'll gain by attending:

  1. Maturity: Identify where your organisation is on the security continuum and what security fundamentals are required in order to positively impact your organisation’s security posture.
  2. Culture: Learn what strategies you should deploy to improve engagement between your security team and wider employee network, thereby reducing your business risk.
  3. Trust: Understand which emails and links are real, and which are fake, so you can further educate and protect your organisation from compliance failures, regulation fines, and cyber-attacks.
  4. Value: Learn how to assess the cost of a data breach and the steps you must take in order to reduce the impact and recover at speed.
  5. Reliability: Discover how cybersecurity risks rise with business automation, digitisation, and machine learning, and what risk mitigation measures you must implement.
  6. Reinvention: Ignite innovation, reset best practices, and learn how to align business and security objectives during and beyond these unprecedented times.

Now I want to hear from you…

  • Tell me what strategies you’re using to deal with this crisis. Please share your tips in the comment box below.
  • Please come join us for Nowcomm’s Future of Security Masterclass, the first of three insightful masterclasses on how to understand the importance of culture and operations in reducing your organisation’s risk in today’s digital world.
  • And, if you can’t make the date, register for it anyway. Pop questions you want answering in the comments box below, and I’ll make sure you get them answered and receive a recording.

Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for Nowcomm. Because your success is important to me, I only align myself with brands I believe in, and Nowcomm is one of them.



About Jane Frankland

Jane Frankland is an award-winning entrepreneur, best-selling author and keynote speaker. She’s been named as a top 20 global influencer in cybersecurity, a top 100 UK influencer in tech, a LinkedIn Top Voices, a Global Digital Ambassador, and is a world leader on how to attract and retain women in cybersecurity. She's spent over 22 years in cybersecurity, built and sold her own hacking firm, and directed some of the world's most well-known security consultancies. Through her career and companies, she's been actively involved in leading industry accreditations, schemes and forums, judging awards and advising boards. Today, she is an influencer for major brands, an activist for women’s rights and is working to better the world by ensuring women are seen, heard, and better equipped to advance their careers and businesses in male-dominated industries. To work with Jane, go here http://jane-frankland.com

Berin Lautenbach

CISO / Executive Security Leader

4y

As always - interesting and thought provoking :). Thank you! Strategy #1 is something that can and arguably should just be part of any security team's operating rhythm. That said, it's surprisingly hard to do over a long term because it takes discipline. But it's worth it. Just make sure it's data driven. Strategy #2 I like as well - but I always worry that people can get so caught up being innovative and different that they forget that actually a *huge* part of security is helping the organisation get the basics right. Sometimes that's just application of strategy #1, but sometimes the basics are so broken that the best course of action is to focus and help the other technology teams get them fixed. Innovation can come later. Not in any way to detract from your point however! Both strategies are incredibly important and useful. Maybe it's along the lines of Jacques' point below - strategy #1 is always useful, but the broader strategy will be tied to the needs of the organisation at a point in time.

Jacques du Toit

Cybersecurity & Cloud Solutions | Azure, Microsoft 365, Security and Network Infrastructure | Securing and Streamlining IT Environments 🇬🇧

4y

Great and insightful article Jane, thank you. I would add that a longer-term cyber strategy for any business should be relevant, appropriate and specific to the business. Too many businesses develop and aim to implement strategies because someone else told them so or because it is what everyone else is doing - "simply spending on a certain technology or implementing certain controls, because a competitor is doing it, is not going to work for your business in the long run". The focus should be on what is relevant and appropriate. I have recently published a short article on how someone can go about, develop and implement a relevant and appropriate cyber security strategy for their business - (https://www.linkedin.com/pulse/cyber-securitystrategy-jacques-du-toit/) #cyberstrategy #cybersecurity

Albert McBride Jr

Military Spouse /VCISO Advisory Risk Compliance Executive, Leadership content developer/ Instructor. IR Support & Team builder, Cyber & IT Mentor & Career transition support.

4y

Great post and read Jane...
