Redefining the Cybersecurity Playbook: Moving Beyond Technology

It’s the 20th annual Cybersecurity Awareness Month, and we have much to share!

Over the last two decades, cybersecurity awareness has evolved from organizations simply focusing on technology to leaders understanding that it takes a holistic perspective to safeguard their business. Today, securing digital assets and infrastructure isn’t just a technical challenge but an organizational one, filled with obstacles that extend beyond IT and security into finance, human resources, and other departments. Let’s review some key challenges to successful cybersecurity, including:

• The role of communication
• Complexities of budgeting
• The talent gap
• Risks of working with third parties

Are Boards of Directors and CISOs Speaking the Same Language?

It’s no longer a revelation that cybersecurity should be on every leader’s agenda. Most are already aware of the need for employee training and up-to-date solutions. What is often less understood are the hidden challenges that come with modern cybersecurity. According to Harvard Business Review, communication needs to be front and center between Boards of Directors (BoDs) and CISOs.

While conversations are happening—a new SEC ruling requires them—they are not yet 100% aligned. In a survey of 600 board members, researchers found that 65% of them think their organization is at risk of a material cyberattack, while only 48% of CISOs share that view. This communication gap hinders progress toward robust cybersecurity practices.

Invest Now, Save Later

In the ever-changing landscape of cyber threats, a static budget is a sitting duck. Threats have evolved into sophisticated ransomware attacks, phishing schemes, and state-sponsored hacks that can’t be stopped by simply purchasing a new tool. Hence, budget allocation for cybersecurity must be dynamic and adaptable, often requiring regular review and adjustments. Here are a few examples:

• Evolving threats: As the nature of cyber threats continues to change, organizations must allocate budgets that can adapt to new forms of attacks––to do this, it’s essential to have the resources set aside to keep up with patch management for robust employee training and refreshers or even to engage with managed security services or cyber insurance.
• Skills shortage: While we’ll talk more about cyber talent next, it’s important to note that hiring skilled workers is not only a human resource issue; it’s a budgetary concern as well. Companies often have to pay a premium in salary because cyber experts are scarce, or when they don’t have a candidate to hire, they then may reach out to a managed services security company to address their cybersecurity stance. Both drive up the costs of hiring help.²

Addressing the Talent and Skills Gap

The global talent shortage is one of the most significant challenges in cybersecurity today. The 2022 (ISC)2 Cybersecurity Workforce Study highlighted a 3.4 million cybersecurity worker shortage. The World Economic Forum numbers bolster this sentiment, and nearly half of business and cyber leaders state they lack a skilled workforce. While it may be challenging for some organizations to overcome, there are some things leaders can do to help:

• Cross-training: Utilizing existing employees who can be cross-trained in cybersecurity measures can be a cost-effective way to fill the talent gap. It’s an investment in skills enhancement that pays dividends in enhanced security.
• Educational alliances: Form partnerships with educational institutions to create a pipeline of qualified graduates who can join your cybersecurity team. This long-term solution could be a win-win, offering internships or project collaborations to students while filling the talent pool for the organization.
• Leveraging AI-based tools: While human expertise is irreplaceable, AI-based cybersecurity tools can offer supplementary support, efficiently identifying threats and automating routine tasks. This can allow skilled security analysts to focus on complex issues, making optimal use of limited resources.

Partners in Tech, Partners in Defense: Guarding the Digital Chain

When organizations work together and integrate their tech systems, they face joint risks that can lead to more cyberattacks and data leaks. Organizations don’t always consider their cyber connections with the third parties they do business with. This complacency opens new paths for cyber criminals to access systems and private data. In a digital ecosystem, the security of any entity can be compromised by the weakest link. Corporations have a vested interest in ensuring that their third partners are secure. Steps can include sharing best practices or even offering cybersecurity training as part of their partnership agreement.

Integration Is the Key: Building a Cohesive Cybersecurity Strategy

While each of the elements we’ve discussed—communication, budgeting, the talent gap, and the role third-party partnerships play—are critical in their own right, their true power lies in integration. Cybersecurity shouldn’t be a siloed idea; it’s a collective responsibility that requires concerted effort from all parts of an organization.

Transcending Speeds and Feeds: The New Playbook for Cybersecurity

1. Normalize continuous communication between leaders and the BoD:
2. Budget holistically: Integrate cybersecurity budgeting as a cross-departmental concern, considering human capital, tech upgrades, and third-party risk management.
3. Invest in talent: Allocate a portion of your budget to train current employees, partner with educational institutions, and employ AI-based tools as force multipliers for your human talent.
4. Vet your partners: As part of your cybersecurity strategy, engage with third-party partners to elevate their security postures, thereby minimizing vulnerabilities across the supply chain.
5. Review your systems regularly: Conduct periodic reviews of the entire cybersecurity landscape, including internal operations and external partnerships, adjusting strategies and budgets as required.

As Cybersecurity Awareness Month unfolds, let’s remember that knowledge is the first step, but proactive participation is the game-changer. This month and beyond, seize the opportunity to revisit, revitalize, and integrate your cybersecurity efforts to not only protect but to enable your organization to thrive in the digital age.

1. IANS, How Security Budgets Break Down, June 2022
2. Forbes, If US Loses The War For Cyber Talent, It Loses The Cyberwar, Oct. 2022
3. Forbes, How To Ask For A Cybersecurity Budget, August 2022