At the Tessian Human Layer Security Summit on March 5, four of Tessian’s customers engaged in an in-depth panel discussion about cybersecurity trends for 2020, the importance of creating a positive security culture in an organization, and the impact of human error.
All of the panelists, including Timor Ahmad from Lloyds of London, Jamie Travis from Herbert Smith Freehills, Mark Parr from HFW, and Emily Fisher from Clifford Chance, offered incredible and diverse insights and, in pulling these insights together, we’ve created a mini-guide for other cybersecurity professionals.
Here are five things to consider when creating and implementing a cybersecurity strategy according to Tessian’s customers.
While cybersecurity strategies are long-term and take time to both implement and iterate, they must also be mutable. Why? Because in addition to the ever-evolving threat landscape, there are plenty of other internal and external factors to consider.
For example, privacy laws, regulations, compliance standards, company size, board members, budgets, and individual employees all affect an organization’s security posture and should, therefore, influence strategies. Even a global health crisis like Coronavirus, which Mark Parr from HFW referenced, is something that impacts security strategies, especially with more and more organizations implementing remote working policies because of the outbreak.
While, yes, it’s a minefield, organizations have to consider and reconsider these moving parts and, in doing so, constantly evaluate and re-evaluate their strategies and frameworks to keep data, networks, devices, and people secure.
With the two-year anniversary of GDPR just around the corner, other nations and even individual states in America are adopting their own data privacy laws. These, of course, are in addition to those already enforced by government agencies like the FCC and the ICO.
The growing number of regulations is especially pertinent for organizations that handle customer or client data. And, while the fines for a breach are hefty under these new compliance standards, organizations have a lot to gain by keeping internal and external data secure. Being transparent and secure about data protection bolsters credibility and trust.
As data becomes more and more of an asset to protect, cybersecurity is becoming a less siloed department and more integrated into overall business functions. Again, this is especially the case for organizations that handle customer or client data.
In fact, strong cybersecurity actually enables businesses and has become a unique selling point in and of itself.
For an industry that has historically struggled to communicate its value and the return on investment for strategies, this is huge.
As the Human Element continues to be one of the biggest risk factors in data breaches, it’s absolutely essential that those in cybersecurity leadership positions make a pointed effort to engage with their employees to communicate risks and responsibilities.
Of course, anyone in a cybersecurity leadership position knows this is no easy task.
According to our panelists, though, the key is to find new ways to tell the same story. Some use gamification and positive reinforcement while others rely on more interactive content like videos and podcasts.
Whatever the method or medium, the most important thing is that risks and responsibility – which the entire organization bears the burden of – are translated so that everyone across departments and levels of seniority can understand.
As we’ve said, cybersecurity is no longer siloed. That means that accountability is required company-wide in order to make policies, procedures, and tech solutions effective. But, according to our panelists, employees and even board members are becoming less passive in their roles as they relate to cybersecurity.
This is a big relief for IT and security teams, especially when the threat of human error is one of the biggest challenges we’re up against.
You can also read key takeaways from the day here.