One-track thinking won’t cut it when it comes to cybersecurity
Cybersecurity is integral to profitability.
01 October 2024
As the world has digitalised, a mismatch between a business’ strategic goals and its cybersecurity has developed. In particular, there is often an excessive focus on how to prevent hackers from breaching the organisation’s systems. In turn, this can lead to a defensive posture that works against the business’ true goals.
“At Trend Micro, we believe that cybersecurity must be integral to the way the organisation does business,” says Gareth Redelinghuys, Regional Sales Director: Sub-Saharan Africa, Trend Micro. “Cybersecurity must be aligned with the business’ goals and not be a barrier.”
For all companies, profitability is the single most important goal. In a digital world, a company’s digital posture is a key competitive advantage; digital businesses can use totally unique business models, and they have to respond to market changes at speed and scale. Uber and Airbnb are obvious examples of companies that have upended conventional business models in transport and hospitality.
Other key business goals are customer satisfaction and operational efficiency. In both areas, a company’s digital posture is critical.
“Digital transformation is all about being connected, being open to business partners, employees and customers; an overly defensive posture can be counterproductive,” Redelinghuys says. “If the organisation is too focused on trying to keep hackers out, it risks becoming less agile, less responsive and, ultimately, less competitive. This kind of one-track approach also masks the fact that human error/criminality is responsible for a huge proportion of security breaches, including basic system vulnerabilities caused by failure to perform routine functions like keeping security patches updated.”
Another important point, says Redelinghuys, is that given the threat landscape, organisations must have plans in place to deal with a data breach, however it was caused. Advances in AI can help make cybersecurity more effective, but, at the same time, provide cybercriminals with a dangerously effective tool as well.
What does business-aligned cybersecurity look like?
Several elements make up a credible, business-aligned cybersecurity posture:
Defence in depth. Today’s IT estate is sprawling, typically including servers, cloud, endpoints and networks. Each must be secured with appropriate specialist security tools.
Security baked into development. In the app economy, speed to market is essential, but this can mean security is an afterthought. Security has to be integral to development from the get-go, and organisations need to work out how to do this.
Education and awareness. Human error is the leading cause of breaches; IBM puts it as the cause of 95% of all breaches. Business-aligned security must focus on continuous education and awareness for staff, including well-crafted phishing “attacks” to see who in the organisation is vulnerable.
Platform strategy. The defence-in-depth approach can lead to a sprawling cybersecurity estate whose constituent parts do not speak to each other. Implementing a platform that connects all these specialist tools will solve this issue, and make management easier.
Business continuity plan. Given that a breach is virtually certain to occur at some point, it’s absolutely vital that a regularly tested and updated business continuity plan is in place. The longer the organisation cannot function, the greater the damage and the lower the likelihood that it will survive.
“Cybersecurity is vital to doing business successfully today, but it has to be aligned with the business’ strategic goals,” Redelinghuys ends.
https://resources.trendmicro.com/AMEA-Cyber-Risk-Assessment.html