Here are some best practices to ensure that CxOs and CISOs are on the same page to battle cybersecurity threats.
According to IDC surveys, 61% of CxOs in the Asia Pacific region have cited building resilience/mitigating risk and 63% have cited cost reduction/optimization as top business priorities.
Yet, CISOs surveyed have not been given the funding for IT security investments and for a shift to hybrid cloud models to address the risk issues of continuity and security. Also, improving the ability to attract and retain the workforce was seventh in terms of C-suite business priorities for 2021.
Within this “paradox of misaligned corporate priorities”, APAC CxOs and CISOs will need to be on the same page in order to complement the business and achieve true resiliency.
Best practices
The findings above, based on studies commissioned by Fortinet and IDC, show that APAC organizations should adopt a range of business and security strategies to align business and cybersecurity goals and ensure cyber resilience.
The recommendations are:
- Ensure that business and technology priorities and processes are aligned: Effective security requires ongoing reinforcement from the executive level down. Organizations have to review their security strategy and make sure it is aligned with their business priorities. With hybrid work arrangements becoming common, organizations must align business processes such as finance and HR with best practices around communication privacy and authentication. These processes should also align with cultural processes that promote effective communication in an agile, trust-based environment.
- Deploy a holistic security solution: As organizations accelerate digitalization, they have to keep up with today’s fast-evolving threat landscape. What used to be known as the ‘network perimeter’ is now splintered across the infrastructure due to the explosion of network edges, work-from-anywhere arrangements and multi-cloud models. Organizations need a broad cybersecurity strategy, implementing a platform with end-to-end security, and a transparent approach offering full visibility across the entire attack surface.
- Adopt a zero trust approach: To respond to increasing and evolving threats, best practices now stipulate a “trust no one, trust nothing” attitude toward network access. This means all users, all devices, and all web applications from the cloud must be trusted, authenticated, and have the right amount of access privilege.
With these best practices, CISOs will be empowered to refine and align their strategies with C-suite concerns, and to combat complexity and resource shortfalls today and in the near future.