
Fighting the War on Cyber Crime Starts in the Boardroom


Matt Fearin, CISO, Epsilon
Matt Fearin is Chief Information Security Officer (CISO) of Epsilon, with enterprise-wide responsibility for information security and compliance, incl...
In today’s digital world, data security is more important than ever. Cyber attacks are all too common and no company is immune. It’s estimated that in 2016 alone, over 200 million data records have been breached from both consumer-facing and B2B companies. And that’s just what has been detected and reported. It’s an absolute certainty there will be more, yet most organizations don’t have the correct structure, or, more importantly, senior-level involvement and support, to properly address data security and information privacy threats.
How can companies get in front of data security issues, both to prevent them from happening, and to mitigate the unpleasant experience if (or, more likely, when) it happens? Perhaps I’m biased, but I believe that it starts with hiring and empowering an experienced Chief Information Security Officer who is part of the leadership team. The top priority of a Chief Information Security Officer (CISO) is keeping data and technology safe in a digital world, understanding the potential issues and leading best practices throughout the company. The CISO is a relatively new member of the traditional C-Suite; companies previously relegated the responsibility of data security to the Chief Technology Officer (CTO) or Chief Information Officer (CIO). Now, businesses are elevating and prioritizing the security function, making CISOs peers of the CTO and CIO, in order to provide the focus and specialization needed. Security issues are now part of daily life for all C-level business executives, with cyber security events often cited as the top business risk that needs to be managed.
Ensuring a company is properly handling and protecting data is a full-time job, one that impacts every level of the organization–from brand reputation to client services and legal to technology teams. Think about it. A huge data issue creates upset customers, loss of information and PR nightmares, not to mention it challenges relationships with any existing external partners. For this reason, a CISO must be able to communicate and effectively deliver solutions across the entire company, ensuring all parties feel confident that they are implementing best-in-class security and have a comprehensive security response plan in place.
Below are my tips for successfully creating allies across the C-Suite:
Develop Strong Relationships with ENTIRE C-Suite.
CISOs can’t be successful without the backing and trust of the full C-Suite. Security elements should be part of every business, marketing, technology and legal plan. Additionally, CISOs must have line of sight into the broader business goals and input into strategic objectives that have technical implications. Having strong relationships in place at the top of the organization will assist with addressing security issues effectively and efficiently. Nothing stops a security initiative faster than questions concerning its relevance, funding or value – the importance of data and information security should be embedded across the organization.
Sell in the Benefit and Importance of Data Security BEFORE Something Happens.
Clearly articulating possible or imminent data security risks on a frequent basis makes it possible to respond quickly to shifting threats. Technology alone will not address cyber security risks; there needs to be a strategic plan. Getting out in front of issues early and participating as someone helping the business to DO something, rather than to STOP something, is paramount for success.
Foster an Environment of Transparency.
Balancing requirements and strategy throughout the C-Suite requires the CISO to be highly transparent about risks, security capabilities and the ability to mitigate issues. Products and solutions should be evaluated openly and collaboratively. Additionally, the security organization carries its own risk and, as such, security’s capabilities, effectiveness and efficiencies should be reviewed, considered and ranked for complete transparency. Keeping everything behind the curtain will lead to failure over time. It’s important to inform the business, share any problems and work together to solve them.
Set Expectations.
In a previous role, I was once asked to eliminate all security risks associated with user access to a large suite of applications involving highly sensitive data. My response was that I could do it by removing all access. This was met with “that’s not realistic.” Well, neither is eliminating all security risks. As CISOs, we need to change the conversation about how we manage risk, through active engagement and recurring monitoring by all stakeholders. CISOs should be empowered to focus less on compliance and more on executing a risk-aware, risk-based approach throughout the organization. This will ultimately improve the ability to respond to security threats.
Listen to the Business Leaders.
CISOs need to go beyond just hearing what the business is going to do and what they’re trying to secure. It’s about using security to aid leaders in the creation of strategy, removal of hurdles and preparation for what the business will need to do, versus just reacting to what is being requested. By establishing recurring reviews of risk and security posture and truly listening to the business problems that need to be solved, CISOs can elevate the thought process and clear the path for the business to execute freely on innovation.
Evolve with the CIO.
Arguably the most important relationship for the CISO to foster in the boardroom is one with the Chief Information Officer (CIO). These two roles are evolving as informational strategy, security requirements and reporting needs change, and to be successful they need to work together. For example, the CIO is no longer simply a technology leadership role. Instead, it’s beset with demands for digital services that revolutionize the corporate model. CIOs need to drive revenue, customer engagement and innovation while working within strict cash limitations—a complex balancing act. Making the CISO independent of the CIO provides a higher level of objectivity and independence that should prove beneficial to the entire organization.
Businesses face tremendous risks in today’s highly digital, technology-driven economy. The more equipped and collaborative we are in our approach to cybersecurity, the more successful we will all be.
