Issue Fourteen
May 2022
After more than two years of the pandemic, social unrest, the so-called Great Resignation, and now economic inflation – people are more aware than ever of where they work and where their money is spent. The complexities of sustainability - in a highly digitized, post pandemic world - move beyond agriculture and energy and into everything we experience.
For example: the very digital transformations that spurred business agility and flexibility, like the hybrid work model, also introduced technology sprawl and other ramifications that were nearly impossible to prepare for. From digital literacy to workforce retention to a nearly immeasurable attack surface, industries across the board are faced with the complexities of sustainability - a type of disruption that challenges the very frameworks businesses were built on, and it must be met by challenging the status quo head on to sustain this “new normal.”
But disruption is nothing new. We’ve faced periods of disruption since the beginning of time. For some, it introduces challenges in a way that slows progress. For others, disruption becomes an opportunity to differentiate and leap forward. The way in which organizations perceive disruption - before, during, and after - is intrinsically tied to their success. So how do we shape this perception, from the boardroom to the breakroom, to capitalize on such a rare opportunity?
This month’s issue of Target Lock serves as an invaluable resource, to provide suggestions on building digital acumen, moving beyond security culture bottlenecks, adding cybersecurity to ESG goals, and leveraging cybersecurity not as a cost center but a revenue driver. An issue timelier and more valuable than any other we’ve ever released. Enjoy.
ZEROING IN
3 ways building digital acumen can impact business success
We all had to move quickly to maintain operations during the lockdown of the pandemic. This meant adopting new technologies to keep our teams connected as they “worked from anywhere.” Adoption at a pace that – in many cases – was far too rapid to truly grasp the power of this new interconnectivity. As cliché as it might sound, with great power does come great responsibility.
That responsibility has come into the spotlight as of late. As teams now grapple with technology sprawl and digital literacy, a great reckoning is emerging for business leaders to foster a new environment of collaboration and education. One that strives to better align the people, processes, and technologies acquired during the pandemic to positively impact business outcomes.
“Technology alone doesn’t foster better collaboration, eliminate siloes, or elevate performance – people do. We have to continually encourage our people to embrace new ways of working, seek learning opportunities, and develop their skills as we roll out new tools or new practices.”
In building this new level of digital acumen, we create environments in which we reinvent the customer experience and the employee experience, we future-ready our team members by advancing their skillsets alongside the advancements in technology, and we create a culture that not only retains our existing talent but entices new talent to come aboard and continue their development.
Moving Beyond Security Culture Bottlenecks
Workplace culture is one of the most critical aspects of attracting and retaining talent, but as previously noted, it isn’t simply about how much fun the work environment is any longer. It is also about establishing and protecting a mindset that is as productive as the team – and today that mindset must include the desire to grow, develop, and protect the organization.
In order to accomplish this, we must begin to reshape the narrative and invest in our most important assets, our people. But shaping culture isn’t easy. It’s full of nuance and biases and requires navigating the complexities of human nature, all of which introduce opportunities for misinterpretation and miscommunication - two things that can be detrimental to the sustainability of the culture and the security of the business.
“No amount of knowledge has ever prevented a data breach; it is only what someone does at the point of decision (with or without specific knowledge) that will prevent a breach or allow a breach to happen. Everything you do needs to account for human nature.”
One of the most common conflicts with human nature, and ironically a common tool used to protect the organization, is policy. Policies are oftentimes drafted and implemented poorly, absent of the contextual nuances of the business, and they create friction points that team members see as obstacles to their daily work rather than safety mechanisms to protect them.
Another common bottleneck in shaping a culture of security comes in the form of leadership authenticity. Leaders have to walk the walk if they’re going to talk the talk. You can not expect the team to believe in protecting the purpose if leadership doesn’t model the behavior they expect to see in the staff. This is arguably the most important aspect in setting the tone and, ultimately, in success or failure.
“If your security program sends out a lot of great information but your people don’t change their behavior, it’s because you haven’t given them a reason to care.”
Cybersecurity is an environmental, social and governance issue. Here's why.
Social and environmental goals are on nearly everyone’s agenda, so blending cybersecurity into the mix is a great place to create those advocates. After all, it is our responsibility to protect not only the business, but the relationships that help us continue to grow the organization. This includes our team members, partners, supply chains, customers, clients, and everyone that has come to rely on the business. We must begin to frame our Environmental, Social, and Governance (ESG) goals with this notion in mind.
“Cyber risk is the most immediate and financially material sustainability risk that organizations face today. Those that fail to implement good governance on cybersecurity, using appropriate tools and metrics, will be less resilient and less sustainable. This in turn has an impact on the other organizations they rely on, and ultimately on the stability of companies, communities, and governments.”
This becomes increasingly relevant as we look at the fact that intangible assets now account for 90% of the asset value of modern organizations. These are assets that are not physical in nature and are in many cases massive amounts of data being collected after pandemic-driven digital transformations – giving immediate validation to having a sound cybersecurity strategy built upon solid frameworks.
And while cyber insurance has been the default solution for many, the lack of security controls and subsequent increase in breaches is changing that. Insurers can no longer afford to bear the burden of protecting the organization and are requiring attestation to a heightened standard of cybersecurity to ensure coverage.
All of this ladders up to our social responsibility to not only build organizational resilience but to establish the ability to measure its maturity. Sustainability relies on the understanding that eliminating all risk is impossible and therefore building resilience is non-negotiable.
Cybersecurity Can Boost Your Bottom Line: 3 Often Overlooked Opportunities
The historic tendency for most business leaders has been to look at cybersecurity as a cost center. After all, this entire discussion has been about investing in people, processes, and technology. The operative word, however, is investing – and just like any good investment it should pay a return.
The return for building a culture of security comes in many forms, many of them in the way of unexpected, yet repeatable, efficiencies.
Effective incident response plans are designed to mitigate disaster as quickly and efficiently as possible. When it comes to any cyber incident, time is of the essence. The processes are intentionally lean, removing bureaucracy and friction, to get the business fully operational as quickly as possible.
Applying this logic across the entire organization is an opportunity to evaluate efficiencies and resilience, empowering stakeholders with a clear understanding of where investments need to be made.
When properly applied, the core principles of information security - confidentiality, integrity, and availability, provide an incredible foundation for compliance to be built upon. Efforts towards obtaining ISO 270001 certification and SOC2, PCI, and HIPAA compliance are significantly less cumbersome, therefore reducing time, energy, and costs.
Cybersecurity frameworks can measure maturity and are significant advantages when responding to RFPs. Additionally, marketing teams can leverage this information to build the brand, as businesses are increasingly concerned with who they partner with. Having your brand and reputation security front and center is a clear and decisive advantage in gaining new business.
"The great Zig Ziglar is often quoted as saying, 'If people like you, they’ll listen to you, but if people trust you, they’ll do business with you.' Savvy business leaders recognize the hidden advantages of their investment in cybersecurity and leverage them for success."
