Among the most noticeable effects of the pandemic is the sharp increase in internet usage. The acceleration of digitalization resulted in the surge of cyber threats. Along with every breaking news about the latest scams and breaches also came heated debates and colorful conversations about cybersecurity.
While millions of people already go online for their everyday transactions, cybersecurity is still a rather abstract concept to most people—that is, until they become a victim of an online scam, whether on a personal or a professional level. And enterprises, of course, are no exception, with cybersecurity only becoming top of mind in the aftermath of damaging security breaches.
In the latest episode of CLOCKWORK, Peter Maquera, Globe Business’ Senior Vice President for Globe Business, Enterprise Group, sat in conversation with two Chief Information Security Officers (CISOs): Anton Bonifacio of Globe Telecom and Ken Dietz of Secureworks.
Maquera leverages his cybersecurity knowledge to dive deep into the different cyber threats that come with rapid digitalization, and how enterprises can make cybersecurity a strategic business priority. Here are the key takeaways from this conversation.
1. Take a proactive approach to cybersecurity
Cybersecurity, simply put, is the practice of deploying people, policies, processes, and technologies to protect organizations, their critical systems, and sensitive information from digital attacks. “You can't do anything digital without anything that is related to cybersecurity,” emphasizes Bonifacio.
As such, businesses must take a proactive approach when it comes to cybersecurity. While cybersecurity has become a strategic priority for enterprises, especially in this time of rapid digitalization, challenges still abound. “There's a lot of benefits to digitalization—but it does tend to heighten your exposure to cyber attacks,” observes Maquera.
As digital transformation advances, so do cyber threats. Threat actors are constantly finding more sophisticated ways to harm businesses, taking advantage of gaps in cybersecurity skills and infrastructure, as well as regulatory and compliance issues.
Good thing cybersecurity has now become a board-level issue for organizations. Given the nature of cyber attacks and how sophisticated cyber criminals have become, businesses can anticipate possible threats. Cybersecurity, as well as improved legislation to better protect consumers and their information, is now at the forefront of key business decisions.
“The best forms of communication I've seen with boards are those that have conversations around, how much risk is the company willing to take?” shares Dietz. “How much risk does the [cybersecurity attack surface] actually pose to the business, and how can we quantify that? And how can we put in place programs that will keep risk in the area where we think it's acceptable?” he adds.
In the coming years, technology research and consulting company Gartner predicts more decentralization, regulation, and safety implications—assumptions that enterprises must build into their strategic plans and cybersecurity roadmaps.
2. Communicate, communicate, communicate
Communicating to external stakeholders, such as partners and customers, is an often overlooked part of cybersecurity, observes Maquera.
When security breaches happen, enterprises often take a while to release a statement. Once they do, it is often vague and rarely focused on solutions that reassure their partners and customers. As such, there’s plenty of room for the news to fester and tarnish an enterprise’s brand reputation.
Similar to taking a proactive approach to cybersecurity, enterprises must also take a proactive approach to cybersecurity communications. It must be integrated into the organization’s cybersecurity strategy, rather than become an afterthought once an incident happens.
But swift and precise communications don't just happen, reminds Dietz—it's something that needs to be practiced. Make sure that you’ve thought about what you’re going to do to make your customers restore their trust in your company after a major incident. “This should be top of mind and should be well-rehearsed before you actually have to use it,” adds Dietz.
Globe Telecom, for one, has a degree of customer obsession that compels them to constantly release advisories. “We ensure that we can communicate immediately, and this actually solves a lot of things for us already,” shares Bonifacio. Not only does this help reassure customers and help regain their trust, [but] it also shows that communication lines with the enterprise are always open.
3. Invest in cybersecurity skills and infrastructure
According to Gartner, cybersecurity is now a top priority for new spending across organizations. In 2021 alone, worldwide spending on information security and risk management technology and services reached USD 150.4 billion, a 12.4% growth compared to the 6.4% growth in 2020.
“You can kind of tell the level of maturity [of organizations] just based on how much of the technology spend is going to cybersecurity,” remarks Bonifacio. And this number will continue to grow beyond 2022.
Where are these investments going? Towards addressing gaps in cybersecurity skills and infrastructure. Enterprises are better off training and developing their [talents], shares Dietz.
“Talent is not easy to find as a security provider,” adds Dietz. Secureworks, for one, prefers to train their own fresh out of school and then put these graduates through their pipeline to build their cybersecurity expertise.
“We're going to have that level of expertise because we built it and we have a program to foster it. It's something that a lot of other companies whose focus isn't cybersecurity are going to have a hard time competing with,” Dietz explains.
4. Operationalize your cybersecurity efforts by investing in a Security Operations Center (SOC)
Another way an enterprise can invest in cybersecurity infrastructure is by establishing its own Security Operations Center (SOC). Having an SOC can support your company’s digitalization plans and implementations, as well as help operationalize your cybersecurity efforts, explains Bonifacio.
An SOC gives your team round-the-clock visibility that enables them to resolve cybersecurity issues in real-time. It also gives your team a more comprehensive view of your cybersecurity operations—from defining policies and governance, to threat intelligence, incident response, and security awareness, all of which can contribute to your overall effectiveness at fending off cyber threats and attacks.
5. Integrate cybersecurity into your company’s DNA
Lastly, tying in your cybersecurity strategy with the overall company culture would be the key to your success, shares Bonifacio. In fact, this is what enabled Globe Telecom to embed cybersecurity considerations into every aspect of its operations.
“This cybersecurity strategy, this digital transformation journey, is to be able to secure our customers. It's to be able to ensure that we can give them a great and wonderful customer experience, and that's the cost of doing business now. It's not an investment, and there's no ROI to it per se—it's really just tied into the overall customer experience,” explains Bonifacio.
“Cybersecurity awareness has to be part of the company's DNA—it's crucial to educate all employees on safety measures, from the executive-level to the rank-and-file,” adds Maquera.
Protect your business with intelligence-driven services, advanced threat prevention, and remediation guides from Globe Cybersecurity Solutions. For more information, contact your Enterprise Account Manager, or visit our website today.
For more business insights from industry experts and enterprise executives, listen to the Globe Business CLOCKWORK podcast—now streaming on Spotify