Why Security Needs to be Involved in Every Department

When most people think of cybersecurity, they think of it as a function solely for the IT department to “figure out.” For many years, this is how most businesses handled their security needs. Cybersecurity conversations tended to be highly technical. For those not versed in the area, it was a conversation they could not join, and it often seemed to ignore business imperatives.
This is no longer the case. Today’s business environment is different. Mobile devices are everywhere, and cloud services, virtual infrastructure, and personal applications are being used at any place and any time, making networks more difficult to secure. Networks are fluid and ever changing, based on growing business demands for digital and e-commerce. And that is why security needs to be involved in all departments. An organization that does not give cybersecurity a seat at the table is setting itself up for higher risk and a far greater chance of failure.
Cybersecurity is rooted in improving business outcomes and reducing business risk. Compliance, industry standards, and government regulations are now forcing other departments to start thinking about security. When an organization understands that there are commercially sensitive assets that need protecting and that those assets are connected to the organization’s core business processes, that organization understands that cybersecurity is the part that protects the whole of Finance, Marketing, Sales, Human Resources, R&D, etc. A discussion of cybersecurity threats to business operations, and their impact on sales, profits, and reputation, needs collaboration from all sides to yield better solutions to secure our digital businesses. And, because security budgets are increasingly funded by different business units rather than solely from a central IT budget, everyone needs to be on the same page when it comes to what the organization is going to spend money on and what the priorities need to be.
Most businesses these days are in the business of data. What that means is that all parts of an organization are at risk from malware, zero-day attacks, advanced persistent threats, identity theft, and ransomware.
As said by Kevin O’Leary, field chief security officer for the Asia Pacific region at Palo Alto Networks, “Attackers don’t just go after the engineering department’s pending patent applications, or the sales organization’s customer lists, or the CFO’s notes on pending acquisitions. Every department of every organization is at risk, and you must have your business leaders and your security team putting their heads together to identify risks, weigh potential impacts, plot strategies, execute defensive plans, and measure outcomes.”
So, is this how things work at your organization? Is the cybersecurity team part of budget discussions with each and every department? Do they help guide your organization towards securing the most important parts of your business? Do they understand the corporate goals and objectives? Are they involved in the discussions around financial and organizational compliance? If not, then it’s time to start getting your cybersecurity team more involved in all facets of the organization to help reduce your risk profile.
