According to TechTarget, Digital Leadership is, “… the strategic use of a company's digital assets to achieve business goals. Digital leadership can be addressed at both organizational and individual levels.” What fundamentally makes this important is the type of business an organization performs. For an architectural firm, it might be the electronic production of drawings, or for a hospital, the electronic storage of patient records and even computerized medical equipment. Organizational leaders need to leverage these results to excel in business, provide competitive differentiators, and understand how they can provide tools for business to achieve objectives.
For information technology security professionals, there is a small twist to this definition. And, it is true for every single organization that uses information technology. After all, that’s pretty much everyone even if you do not have a CISO. Digital Security Leadership is the capability to leverage an organization’s cyber security defenses for more than just protection. Businesses typically deploy firewalls, antivirus, VPN, vulnerability, patch, privilege, and other solutions to combat cyber threats. The question becomes, how these can be used to achieve business goals?
Ensuring Business Continuity
Any unforeseen interruption in the business can cost thousands or millions of dollars per hour due to the loss of revenue, services, or even because of penalties. Cybersecurity should not be viewed as financial drain, but rather a tool to ensure business continuity. In the end, it safeguards the workflow, services, and processes your business provides from threat actors that may want to disrupt, compromise, or even leverage your resources for their own financial or malicious gain. An executive that embraces information technology security for enabling business sustainment versus throwing away money because of a threat will understand how the tools can strengthen the business.Supporting Business Strategy
Information technology security solutions are often purchased to counteract a threat or satisfy a regulatory audit finding. The truth for executives is that these purchases are generally reactive and not strategic. There is typically no long-term plan to ensure sound cybersecurity hygiene, vendor preference, or even correlation with other departments and their tactical visions and product development. Digital Security Leadership involves a long term cybersecurity strategy. A strategy that ensures the foundation of defenses remains solid, maintenance is performed on a regular basis, including updates, the replacement of end of life systems, and most importantly it aligns with the other business initiatives that leverage information technology. This implies security teams be involved from the initial conception of a new idea all the way through its release to validate and harden that the new initiative cannot be leveraged against the business. Therefore, the businesses strategy should include digital security leadership from cradle to grave to support the business and even the new offerings need resilience against threats.Enabling Regulatory Audits
Regulatory audits often dig deep into an organization looking for improper or unauthorized transactions, inappropriate practices, and errant procedures. When it comes to cybersecurity, it is often related to fraudulent activity due to insider or external threat actors. Once an event is identified as suspicious, an investigation occurs. Determining the details based on electronic events and homing in on an Indicator of Compromise (IoC) requires a well-defined cybersecurity practice and a reliable installation for log collection. This is where Digital Cybersecurity Leadership comes into play. The data needed to prove, refute, or legally charge a person or entity with a crime comes from the information technology data collected and the integrity of the data. This is where cybersecurity solutions become more than just a defensive technology. Its data merged with operational logs becomes the foundation for an investigation a key component to detect fraud and support efforts used by auditors. A good security solution enables all levels of the business including auditors and investigators. Digital Cybersecurity Leadership is an executive’s ammunition to create a culture and tools that expand beyond cyber security defenses. It promotes the solutions for other mission critical purposes within the business and allows other teams to understand that they have benefits far beyond just protecting against the latest hack. If teams can embrace cyber security from leadership on down, then the benefits may far extend the occasional inconveniences many employees experience from day to day. It takes a strong leader to change the culture of an organization and security leadership starts at the top and not just annoying expense. Contact us today for a customized cybersecurity planning session.
Morey J. Haber, Chief Security Officer, BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.