It is so critical to create a security-first mindset in your organization. Too many organizations treat security as something they must tolerate or work around. Out in the field, for example, I have heard several executives say that they can’t implement a simple and standard security policy because the business believes it doesn’t support growth, there is no budget, or they fear it might hinder salespeople. That is until the inevitable breach happens and then there is budget and a bunch of executives pointing fingers. That may sound cynical, except I have seen it several times in the last two months and many times before that.
Making security part of your organization’s mindset helps avoid these scenarios and creates a base to continue to build on, as security is a never-ending journey, not a destination or state. This excerpt from a recent CSO Online article highlights one of the five key considerations for making security part of your organization’s mindset:
Cybersecurity is first and foremost a business challenge. Many companies began recognizing this as digital transformation initiatives accelerated last year due to the pandemic, expanding the attack surface and associated cyber risks. For businesses uncertain about how to create a security-first mindset across the organization, here are five key considerations.
Align security with business objectives and outcomes.
As C-suite stakeholders develop, change, and implement their overall business objectives, it’s important for CISOs and security leaders to engage in that conversation from the start. Having immediate line-of-sight into the business objectives helps security leaders develop a customized, scalable, and highly secure system to help reach desired business outcomes.
☝️ It is so critical to create a security-first mindset in your organization! https://t.co/FQtQIyFgXM @csoonline @BillMew @rtehrani @JohnNosta @nickhayes10 @SpirosMargaris @Shirastweet @CTOAdvisor @ChuckDBrooks @KirkDBorne @cybersecboardrm @trydc @gvalan #CISO #Cybersecurity pic.twitter.com/DtmH3xyruf
— Mark Lynd CISSP ISSMP ISSMP (@mclynd) January 10, 2021
It is one of those things that seems like it would be difficult to accomplish, but modern leadership and employees are astute and know that cybersecurity is a big issue for all organizations. So, it is often as simple as enlisting their support and showcasing examples of organizations that did not take the appropriate steps and meet their due-care responsibility. After all, no one wants to be the sacrificial lamb when things go wrong or see their organization attempt to endure disastrous outcomes resulting in financial distress or layoffs. Therefore, it is critical that they understand the stakes and risks and how their participation can dramatically reduce these for the organization and those that depend on it.