Cybersecurity Research and Insights for Digital Business

As per the Gartner glossary, cybersecurity is the combination of people, policies, processes and technologies employed by an enterprise to protect its cyber assets. Cybersecurity is optimized to levels that business leaders define, balancing the resources required with usability/manageability and the amount of risk offset. Subsets of cybersecurity include IT security, IoT security, information security and OT security.

The past year brought about many challenges for business continuity but it also led organizations to explore a more resilient, adaptable form of business that would ensure desired outcomes in both calm times and turmoil.

According to a Gartner's cybersecurity research, in 2020, 44% of digital delivery team leaders were located outside of IT. The need for security is growing outside of traditional security channels. This means that SRM leaders have decreased visibility into the quality of security and risk processes as security is expanding outside of traditional channels.

With accelerated change in business and operations, cybersecurity professionals need to adapt their strategies to help business leaders realize value of their digital investments through risk-based programs that ensure composable trust and resilience in decentralized risk decision-making organizations.

Designing a durable enterprise-scale remote work program can require deeper changes. Now that a few months have passed since the initial remote push, it’s time for a needs assessment and review of what has changed to determine if access levels are correct and whether any security measures are actually impeding work.

With a great many more people working from home as a result of the pandemic, many organizations have had to change their network security paradigms. Security and risk management leaders need to develop controls consistent with the new risks.

Remote work generally follows a common pattern, and from a planning perspective means focusing on specific areas:

• Remote access, including VPN and especially zero-trust network access (ZTNA) design.
  
• Enhanced endpoint security for managed endpoints and — if applicable — personally owned devices.
• Secure web gateway (SWG) architecture and cloud access security brokers (CASBs), particularly to account for scale and remote locations.
• Security of collaboration platforms and teleconferencing solutions, especially if they are newly deployed. Recommendations on home network security for employees, which is not under the organization’s control but does play a role in the overall security posture.

With organizations expecting more employees to work from home in the future and an accelerated pace of change in operations and adoption of innovative business models, the risks of digitalization will keep evolving and cybersecurity threats will grow. It’s clear that organizations need to complete a due diligence exercise to make sure that what they are doing to protect the organization matches the objectives set to prevent any cybersecurity breach.

The fact that organizations justify the cost on security by focusing on how it leads to risk avoidance rather than business outcomes builds this perception.

To change this perception regarding information security programs, to gain support from employees and the boards and to secure funding for your plans, it is imperative to articulate the value of your function in business terms.

Executive leaders responsible for information security must make sure that they:

1. Link security investments to revenue increase or cost savings
2. Ensure that information security strategy is linked to business strategy
3. Communicate value to peers and the board to gain support on strategy

It is difficult to proactively quantify the financial return on investment resulting from most information security expenditures; however, we recommend using a business value model that can ease the transcription of strategic benefits of information security into business value. For more detailed approaches to quantifying benefits in financial terms and an introduction to Gartner’s 4l model, read this complementary Gartner research “How to Communicate the Value of Information Security in Business Terms.”