How to communicate the value of information security to management

Cybersecurity has always been an unsought good, like insurance, which is useful only when something bad happens. It has always been challenging for security leaders to communicate the value of cybersecurity investments to the board and their peers. Furthermore, everyone in an organization has their own perspective when it comes to cybersecurity. That’s partly why security professionals find it difficult to convince management to approve budgets.

The value of cybersecurity should be crystal clear to life sciences and health care boards and leadership. Cybersecurity attacks and data breaches seem to be in the headlines almost daily, and sobering statistics are everywhere.

Security leaders are faced with placing a value on things that haven’t even happened, like data breaches, service disruptions and loss of customers. They need to justify security investment and acquire budget to protect organizations from the growing list of threats that could impact the future of the business.

Then there’s the problem of speaking a different language. Cybersecurity metrics are often communicated in complex, technical language that is difficult for the CEO or other business functions to understand. But translating cyber risk into business risk has never been more important, as many organizations face significant budget cuts amid COVID-19.

A comprehensive cybersecurity program is a business-critical function. With three tips, CIOs and CISOs can better communicate cybersecurity ROI by stressing why these programs are a must-have for their organizations, demonstrating the business value of security solutions and building a strong security culture.

Cybersecurity should not be treated as a siloed department, but rather as an integrated part of overall business functions. One way to communicate the far-reaching value of a cybersecurity strategy is to walk leadership through the consequences of a data breach (loss of customers, data, revenue, intellectual property and more), as these consequences directly affect a business’s bottom line. Connecting the dots for non-IT executives helps them better acknowledge the importance of strong security practices.

Create a Positive Security Culture

Engaging the whole organization to help them understand the value of a cybersecurity program is not easy. Technical risks are often difficult to translate across departments. Meanwhile, policies and procedures that ensure good security habits can be seen as an impediment to employee productivity.

This is why a positive security culture is so important. By using techniques like gamification, positive reinforcement, or interactive content like videos and podcasts to promote security practices, CISOs can engage fellow employees and get more buy-in from executives. These strategies help everyone, regardless of department or level of seniority, understand the risks and responsibilities regarding security and how each employee plays a crucial role.

One major benefit of a positive security culture is that it creates in-house evangelists who can demonstrate the value of cybersecurity. It will also empower security-aware employees to become the organization’s greatest cybersecurity asset. Simple human error causes the majority of security breaches. Getting employees invested in security contributes to overall data protection and cybersecurity objectives.

Ultimately, communicating the value of cybersecurity depends on translating cyber risk into business risk, and making security a guiding principle for your larger organization. With risks and challenges related to remote working becoming the new normal for many organizations, it’s critical that IT leaders engage all employees in shared cybersecurity awareness.

 

The situation is changing, as boards and management come to understand the importance of security. Now it’s the security leader’s responsibility to communicate the importance of cybersecurity effectively. This has become very important during the pandemic, when huge risks of cyber breaches are looming and organizations are cutting costs to survive slowing business.

Communicating the value (and necessity) of cybersecurity measures to your larger organization isn’t easy. Not only are technical risks hard to translate across departments, but policies and procedures can often be seen as a hindrance to employee productivity.

But, if you can engage with the larger organization and create a positive security culture, you’ll have a better chance of getting buy-in from C-level executives. How?

More and more, CISOs are relying on gamification, positive reinforcement, and interactive content like videos and podcasts to promote their strategies. Whatever the method or medium, the most important thing is that risks and responsibilities – which the entire organization bears the burden of – are communicated so that everyone, regardless of department or level of seniority, can understand.

The benefits of this are two-fold. Not only will you demonstrate the value of cybersecurity via in-house evangelists, but you’ll also empower security-aware employees to become your biggest cybersecurity asset.

 


The value of identity

The rapid digitisation across the world in 2020 has paved the way for companies to adopt new models in how they secure and manage the identity of their users.
As businesses move from the largely reactive measures of last year to putting in place policies and processes that permanently adapt to the new normal, a modern identity and access management (IAM) system is critical for managing access across multiple operating systems, devices, locations and applications, based on what a user should be able to do and what they will need over time.
IAM encompasses a complex set of functions that touch nearly every aspect of your business and have a measurable impact on your bottom line. Leaving an outdated IAM system in place — whether you’re managing the identities of employees, business partners, or end customers — is both costly and dangerous.

Modernising Identity Reduces Maintenance Costs
Businesses that are reluctant to invest in IAM are often unaware of how much money they’re already spending on it. Maintaining an outdated, decentralised IAM system is usually a full-time job for at least one developer. In addition, dealing with identity-related issues such as lost passwords takes up the majority of your support desk’s time.
The maintenance costs of in-house Identity are high even if we only define “maintenance” as keeping the existing system running so users can log in and access resources. When businesses improve their custom IAM systems, those costs skyrocket. Auth0 customers regularly report that if they attempted to build our features themselves, it would take an entire team of developers.

Identity Is Critical to Legal Compliance and Security
If you don’t invest in a sophisticated, secure identity solution, then you’re essentially budgeting for regulatory fines and the myriad costs associated with data breaches. Given the rise in global data privacy laws and cyberattacks, the chances that you will be impacted are only increasing.
Identity-based attacks are a pervasive threat. Today, hackers the world over use authentication as their preferred gateway to attack. Verizon’s 2020 Data Breach Report found that the most common forms of data breaches are identity-based: phishing and attacks using stolen credentials. These broken authentication attacks mean huge expenses for businesses, in the form of application downtime, lost customers, and IT costs. The Ponemon Institute reports that a company that falls victim to a credential stuffing attack stands to lose an annual average of US$6 million. Thwarting these attacks requires IAM features such as brute force protection, multi-factor authentication (MFA), and rigorous access control.

IAM Unleashes Innovation
For better or for worse, your company’s IAM platform will impact your ability to innovate. This happens in two ways. The first is simple: Every hour your developers spend on authentication is an hour they’re not improving your core product.
Most companies are familiar with this logic when making other decisions about building vs. buying microservices. For example, Auth0’s research found that when companies need to incorporate a payment tool in their app, only 26% build it themselves. The other 74% use a software-as-a-service (SaaS) solution like Stripe or PayPal. The same logic holds true for authentication.
Aside from freeing up resources, an IAM system can drive innovation. For example, consider the impact of centralised Identity on improving analytics and customer outreach. When a single IAM provider handles user authentication across devices and integrates seamlessly with every other system, it de-silos data to create a single source of truth about users. This idea is the heart of an omnichannel approach to retail and marketing.

Identity Is Central to Your Business
It’s always important to make sound investments in technology, and particularly in a moment of global uncertainty. But having a secure and extensible IAM solution is one of the best defenses against that uncertainty because it makes businesses more capable of adapting to change.
A modern IAM solution can provide both a quick business win and long-term value by decreasing costs, increasing revenue, and making businesses more adaptable in a shifting technological and legal landscape.
