Wednesday, February 9, 2022

Unpacking Cybersecurity: Examining Its Gears With Today's CISOs

As breaking news of the latest online scams and security breaches continue to make the rounds, so do heated conversations about cybersecurity such as large companies being hacked, customer data leaks, and the all too common email phishing, among others.

“Millions of people are going online for their everyday transactions,” says Peter Maquera, Senior Vice President for Globe Business, Enterprise Group. “But whether it's personal or for business, it seems that, for many, cybersecurity is still quite an abstract concept—until, of course, you become the victim.”


While cybersecurity has become a strategic priority for enterprises in this time of widespread digitalization, challenges still abound. Cyber threats and cyber attacks continue to rise, and threat actors are finding more sophisticated ways to put organizations at risk. Coupled with existing gaps in cybersecurity skills and infrastructure, as well as regulatory and compliance issues, it makes for the perfect storm of cyber vulnerabilities.

“There's a lot of benefits to digitalization, of course. But it does tend to heighten your exposure to cyber attacks. So, you need to have a cybersecurity strategy along with your digitalization journey,” adds Maquera.


So, how does cybersecurity affect businesses? And how can businesses have a better handle on cybersecurity? These are the questions that punctuated the latest episode of CLOCKWORK, a podcast from Globe Business that provides meaningful, genuine, and humanized conversations about business, technology, and industry insights.


Maquera hosts CLOCKWORK and is joined by two of today’s leading Chief Information Security Officers (CISOs): Anton Bonifacio of Globe Telecom, and Ken Dietz of Secureworks. In this conversation, Maquera, Bonifacio, and Dietz took a deep dive into the technologies and trends that can help businesses secure their digital transformation journey. 


Proactive approach to cybersecurity


“There's no denying the reality of cybersecurity—you can't do anything digital without anything that is related to cybersecurity,” says Bonifacio. As such, businesses must be proactive when it comes to cybersecurity, instead of just reacting to security breaches as they happen.


Cybersecurity is the practice of deploying people, policies, processes, and technologies to protect organizations, their critical systems, and sensitive information from digital attacks. As cyber threats run rampant amid advancements in digitalization, cybersecurity must become a strategic business priority.


Indeed, cybersecurity has become a board-level issue for organizations. Given the nature of the cyber attacks, and how sophisticated cybercriminals have become, businesses must be able to anticipate possible threats. Fortunately, cybersecurity and improved legislation to better protect consumers are now at the forefront of business decisions.


Gartner predicts more decentralization, regulation, and safety implications over the next few years, and encourages organizations to build these strategic planning assumptions into their cybersecurity roadmap for the years ahead.


“The best forms of communication I've seen with boards are those that have conversations around, how much risk is the company willing to take?” says Dietz. “How much risk does the cybersecurity area actually pose to the business, and how can we quantify that? And how can we put in place programs that will keep that risk in the area where we think it's acceptable?” adds Dietz.


Communicating to external stakeholders, such as partners and customers, is an often overlooked part of cybersecurity, says Maquera. Therefore, it must be integrated into an organization’s cybersecurity strategy, rather than become an after-thought once an incident happens.


“At Globe Telecom, we have a degree of customer obsession that we ensure that we can communicate immediately, and this actually solves a lot of things,” shares Bonifacio. When an incident happens, such as a security breach or a cyber attack, the organization must communicate immediately to reassure their customers and regain their trust.


“But swift communication doesn't just happen—it's something that you need to practice,” reminds Dietz. As such, make sure you have a communications plan in place and that you actually practice it. Make sure that you’ve thought about what you’re going to do to make your customers restore their trust in your company after a major incident. “This should be top of mind and should be well-rehearsed before you actually have to use it,” adds Dietz.


Address gaps in skills and infrastructure


“You can kind of tell the level of maturity [of an organization] just based on how much of the technology spend is going to cybersecurity,” says Bonifacio.


Indeed, cybersecurity is now a top priority for new spending across organizations. According to Gartner, worldwide spending on information security and risk management technology and services reached USD 150.4 billion in 2021, a 12.4% growth compared to the 6.4% growth in 2020. And this number will continue to grow beyond 2022.


Part of this investment is training and developing a pipeline of cybersecurity professionals. “Talent is not easy to find as a security provider,” shares Dietz. As such, Secureworks prefers to train their own fresh out of school, and then put these graduates through their pipeline to build their cybersecurity expertise.


“We're going to have that level of expertise because we built it and we have a program to foster it. It's something that a lot of other companies whose focus isn't cybersecurity are going to have a hard time competing with,” adds Dietz.


Businesses can also benefit from a Security Operations Center (SOC) to support their digitalization plans and implementations, says Bonifacio. Not only does it help operationalize cybersecurity, but having an SOC gives round-the-clock visibility that enables teams to resolve cybersecurity issues in real-time.


Having an SOC also gives teams an end-to-end view of their cybersecurity operations—from defining policies and governance to threat intelligence, incident response, and security awareness, all of which contribute to an organization’s effectiveness at fending off cyber threats and cyber attacks.


Cybersecurity as part of company DNA


At Globe Telecom, tying in the cybersecurity strategy with the company culture was really the key, shares Bonifacio.


“This cybersecurity strategy, this transformation journey, is to be able to secure our customers. It's to be able to ensure that we can give them a great and wonderful customer experience, and that's the cost of doing business now. It's not an investment, and there's no ROI to it per se—it's really just tied into the overall customer experience,” explains Bonifacio.


“It's crucial to educate all employees on safety measures, from the executive-level to the rank-and-file,” adds Maquera. “Cybersecurity awareness has to be part of the company's DNA.”


Globe strongly supports the United Nations Sustainable Development Goals, particularly UN SDG No. 9, which highlights the roles of infrastructure and innovation as crucial drivers of economic growth and development. Globe is committed to upholding the UN Global Compact principles and contributes to 10 UN SDGs.


For more business insights from industry experts and enterprise executives, listen to Globe Business’ CLOCKWORK podcast— streaming on Spotify. You may also visit our Cybersecurity page to know more about our threat defense solutions.

No comments:

Post a Comment