[BreachExchange] Why Cybersecurity is a Business Manager's New Best Friend

[Audrey McNeil]

http://www.cmswire.com/information-management/why-
cybersecurity-is-a-business-managers-new-best-friend/

Say "Silicon Valley startup" and people think innovation. And innovation
for many is synonymous with the creed, “Move fast and break things.”

But when Zenefits was caught up in a regulatory scandal, the company
reinvented itself with a culture of compliance to regain consumer trust in
its software. Companies pursuing innovation and agility are now investing
in trust as a competitive differentiator.

Trust: The New Competitive Edge

Asking customers to share their data and asking business executives to rely
on new technologies requires a leap of faith. Trust, compliance and privacy
are the foundations of competitive differentiation in the digital age.

Cybersecurity always lags behind new product features, but critical
failures have forced a reevaluation of priorities. Attacks on critical
infrastructure, from nuclear plants to voting machines, have brought
cybersecurity to the forefront for consumers.

On the corporate side, companies in all industries are forming strategies
around cloud and IoT. The ability to execute on information security and
privacy assurances will determine whether their use of these emerging
technologies is a catalyst for success or failure.

With nearly every company leveraging the internet for processes, services
and channels, cybersecurity has become a business imperative.

Bad Cybersecurity Is More Expensive Than Ever

Digital supply chains, connected products and data collection and analytics
means companies have a harder time protecting confidential data and more to
lose when they can’t. The cost of a data breach has arguably remained below
the rate necessary to change behavior — or perhaps companies just
underestimate the fallout.

Either way, the cost of a data breach has risen — and will continue to do
so. Regulators are taking a firmer stance on cybersecurity lapses, led by
the European Union's General Data Protection Regulation.

The new law will raise maximum fines and expand liability to any company
holding data on EU citizens. TalkTalk, a UK telecomm company, suffered a
record fine, plus a 4.4 percent loss in market share and an 11 percent
stock price decrease tacked on to the cost of the data breach. In the cases
of TalkTalk and Yahoo, security failures have also threatened vital mergers
and acquisitions activity, with Yahoo forced to take a $350M price cut from
Verizon after the revelation of two record-breaking breaches.

Consumers have grown weary of hackers stealing their information, forcing
companies to factor in the costs of lost revenue. Twenty percent of
consumers claim they will stop shopping at a retailer if they learn the
company suffered a data breach, and an additional 49 percent would wait six
months for trust to be restored.

While customer databases make up the majority of the volume of stolen data,
corporate espionage and intellectual property theft threaten
competitiveness, the lack of which is devastating to any company.

Infosecurity: A Business Manager’s New Best Friend

For decades, IT security held the reputation as the “Department of No.”

Now security teams who can consciously say “yes” are moving the needle for
their organizations. If a company wants to eliminate all of their data
centers by 2018 to take advantage of the cost benefits of cloud, they need
to first address the security needs. If an airline’s connected devices can
disrupt flights, IT is responsible for preventing malicious or accidental
outages. If developers across global offices need to collaborate on a code
repository platform to meet the development schedule, IT needs to enable a
solution.

As information technology becomes a core competency for companies in all
industries, the Chief Information Officer (CIO) has stepped into the COO’s
role, and the Chief Information Security Officer (CISO) has replaced the
CIO. Cybersecurity has a strategic role in driving competitive advantage on
two fronts: internal operations and external products.

A business-friendly IT security department can reduce operational costs,
increase efficiency, and even help attract and retain talent. Take the
example above of eliminating data centers, or imagine a global
pharmaceutical company that needs a secure platform to communicate with
hundreds of thousands of sales contractors worldwide. Cybersecurity teams
who solve the tough puzzles will keep their companies agile and competitive
in the digital age.

On the consumer-facing side, cybersecurity has become an integral component
of product design. Just as pizza consumers might decide between Dominos and
Pizza Hut based on the usability of their pizza apps, banking customers may
opt for the provider with superior cybersecurity capabilities.

The same goes for healthcare providers, payment applications and even
social media. Successful cybersecurity departments not only deliver more
secure products, but they also influence the speed of product and
application development.

The industry still has a long way to go in certain emerging technologies
like IoT. The Mirai botnet conducted a record-breaking DDoS attack last
September by exploiting IoT devices set to the default passwords. Yet
market forces will hold providers accountable for security moving forward,
especially now that the Mirai attack has drawn attention to the
vulnerability. Seventy-four percent of millennials and 63 percent of Gen
Xers would use more IoT devices if they had greater cybersecurity
assurances.

A New Day for Information Security Teams

Cybersecurity has arrived as a core competency for any company leveraging
technology internally or in their products — in other words, almost every
organization.

By shifting their longstanding focus on preventing data breaches to one
that facilitates internal process and delivering superior products,
information security teams will help their organizations stay competitive.
Instead of being the target of blame, IT security can now share in the
front-office glory of their company’s success.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170314/1af4c2f8/attachment.html>