EXPERT OPINION
Efficiency doesn ’ t always go hand in hand with security . In fact , a robust security posture adds to complexity and can impede productivity .
1 . Cybersecurity needs to sit across all functions – not just within IT
Often cybersecurity is a function that sits within IT , despite having contrary objectives . The IT team , naturally , is aiming to drive operational efficiency , streamlining processes and enabling employees to complete their work as easily as possible . But efficiency doesn ’ t always go hand in hand with security . In fact , a robust security posture adds to complexity and can impede productivity , as well as the IT team ’ s Digital Transformation strategy . A much more natural fit for the cybersecurity function is at board level , where they are able to bake security into the objectives of the business and help foster a security-first culture .
2 . Understanding the inherent risk of the business
Every organisation will have some degree of risk to it – whether that ’ s in the purpose of the business , the network or supply chain it sits within , the technology infrastructure it has or , indeed , the processes implemented . At the board level , many organisations will assess and forecast for risks such as economic downturn , natural disaster or a product fault , for instance . However , evaluating cybersecurity risks is often overlooked and invariably , results in vulnerabilities or weaknesses in defences being exploited . From a public sector perspective , a board-level security advocate would evaluate the services provided by the organisation to understand where vulnerabilities may be , which services would be most impacted and how to mitigate this . It ’ s only through this level of auditing that an organisation can understand its true threat level and therefore , the standard or investment in cybersecurity defences required .
3 . Keeping security in step with transformation
As public sector organisations look to drive efficiency with service provision , Digital Transformation plays a key role here . While many are still working with legacy systems – which present their own risk – a Digital Transformation plan that doesn ’ t factor in security
42 www . intelligentciso . com