Resetting Cybersecurity – We Need To Think Differently For New World (High Level Views)
If “all companies are software companies” (Satya Nadella, CEO of Microsoft), then we must take a multiple-lens view of cyber security:
Lens 1 – Having the right core or fundamentals (cyber security as we know it)
Lens 2 – Becoming risk partners of business leaders
Lens 3 – Leveraging cyber security as a branding capability for business
Businesses that embrace digital and succeed in leveraging technology to drive a fundamental transformation of their business enjoy a wide range of specific benefits arising from their digital ecosystem that include, but go well beyond, the bottom line. Many of these benefits, such as improved product quality and customer satisfaction, contribute to better financial performance, as well as prompting a greater focus on growth and innovation. As rightly said: “all companies are software companies” - The CEO of Microsoft, Satya Nadella.
With digital now being one of the strategic levers for every business, cybersecurity is unfortunately still treated as an old-generation IT cost function. I believe cybersecurity leaders need to look at cyber security through three lenses at one go:
Lens 1 – The core or fundamentals: I refer to this section as the building blocks of cybersecurity, and almost every CISO or security professional is an expert at using this lens. The basic building blocks of security refer to vulnerability management, identity and access management, security operations, compliance and governance, etc. There are many articles which explain the cyber security domains at length, hence I will skip this, but most security functions focus on lens 1 only, thus limiting cyber security to being a cost function.
Lens 2 – Risk partners: the term "risk management" in cyber security somehow brings back memories of the ISO 27001 asset-based risk register which every cyber security professional has built at some point, and that is why I use the term risk partners. We need to become partners of risk, especially when it comes to cyber security. Let me take an example shared by my close friend: we never go to business leaders and ask what their KPI/KQI are. If we don’t know what business leaders' KPI/KQI are, how do we know the growth risks which need to be mitigated in the current environment?
If “all companies are software companies”, being risk partners of business leaders is more evident than ever before.
Lens 3 – Revenue enabler: leveraging cyber security as a branding capability for business. If “all companies are software companies”, then as a consumer of services or products (B2C, B2B, C2C or C2B) I will feel more comfortable engaging with a business which has better security along with ease of use. This is a trend which will be stronger in coming years and is visible in the app market as of now. Soon with cars (I need a cyber-safe connected car, network, TV, etc.)
I will be writing more on Lens 2 and Lens 3, but do suggest if there should be more lenses.
I think that the mere belief “all companies are software companies” is killing the essence and importance of cyber security, the reason being that when this belief is endorsed by the CXOs, then that is where the products bought are treated as their own, and to secure them and the company becomes a job of a cyber sec professional, thereby limiting and treating the service as a cost centre. Companies need to come out of this belief that they are software companies. They need to believe in what they do; there would be a paradigm shift in the belief that entire IT services incl. cyber security is not just a cost centre, it is a profit centre, because the lens with which they see this service has changed.