Intervention

IT security in the company is a priority and concerns everyone

The increasing complexity of cyber threats, data security management and geopolitical events require additional skills, focus and responsibility than in the past

by Anaïs Beaucousin*

Aggiungi Il Sole 24 Ore
ai preferiti su Google

3' min read

3' min read

In the ever-changing landscape of corporate security, the role of the Chief Business Security Officer (CBSO) has undergone a profound transformation. Although the position has long been synonymous with protecting corporate interests, the increasing complexity of cyber threats, data security management and geopolitical events now require additional skills, focus and responsibility.

There are five ways for companies of all sizes to cultivate a culture that puts security first, from aligning security strategy with corporate vision to making security a concern for all.

Loading...

Today's security manager deals with many different risks - from fraud and cybercrime to natural disasters and geopolitical issues - across various lines of business. The key is to achieve full convergence by combining IT, IT and legal expertise with business acumen.

But where should companies start to protect themselves? The main role of the CBSO is to contribute to the growth of the organisation, keeping pace with evolving threats. To achieve this, security practices must first be aligned with the company's strategy and vision.

Take Cybercrime for example: cybercriminal groups often have business models, structures and functions that resemble those of traditional companies. Although these threats operate discreetly, awareness among customers and the public is growing. Therefore, cyber security must be present in the fabric of all activities. Aligning the security strategy with the organisational vision not only helps safeguard the company and its customers, but can also help increase the company's impact and protect its brand.

It is also crucial to ensure security by design. By prioritising the integration of security measures into all aspects of operations, a company can strengthen itself against potential threats and vulnerabilities. Integrating security by design is crucial for the company and its stakeholders. If done well, it can help foster trust between employees, customers, suppliers and partners.

It is also necessary to stay two steps ahead of threats. To do this, you need a team of security professionals and a solid plan to ensure that the company runs smoothly, even when things go wrong.

With a robust, global and integrated business resilience programme managed by a team of experts that takes into account various threat scenarios, all necessary actions are taken to help ensure that essential services remain operational for customers worldwide. In today's business landscape, there is no room for disruption; customers need assurance that the company has the personnel, technology and processes in place to safeguard their interests.

While possessing state-of-the-art security tools is critical for protection, recognising and addressing vulnerabilities beyond technology is equally vital. Human error, a significant vulnerability, is often exploited by cybercriminals using social engineering tactics or pretending to be insiders to extract sensitive information. In the field of generative artificial intelligence (Gen AI), human error can also expose vulnerabilities that cyber threats can exploit.

It is essential to carefully supervise the use of new technologies such as Gen AI to improve protection measures, ensuring that any improvements occur without compromise.

To truly strengthen safety in the workplace, everyone needs to understand why it is important and what it means. It is important to talk to employees about the impact of safety within their specific roles. If people know how their responsibilities can affect their company, customers and colleagues, they will be more likely to act.

It is equally important to have a well-defined communication strategy. You need to be able to make a judgement on what, when and how much information to share with employees without causing unnecessary panic.

Then regularly measuring security performance is vital for a strong defence. This may involve daily assessments of attack attempts and potential vulnerabilities, along with weekly or monthly reports for a comprehensive overview. Regular sharing of reports with various business units ensures stakeholders have a complete picture of the corporate risk landscape, promoting a culture of security awareness and responsiveness.

Mastering the role of CBSO therefore goes beyond technical skills: it requires continuous learning, staying informed about cyber security trends and understanding organisational complexities. This interconnected approach enables effective anticipation and mitigation of security impacts.

Continuing education is also vital for leaders, employees and partners. Protecting a company's assets and brand is a shared responsibility and, as emphasised above, the goal is to prepare staff, not instil fear. Implementing the strategies outlined here can help make a significant difference: it should not be an arduous task, but rather a collective effort achieved through small actions over time.

*Chief Business Security Officer of ADP International

Copyright reserved ©
Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti