Control Your Own Security
Digitization continues to change business at an amazing rate and in many ways. As business leaders around the world embrace ‘Digital’ to simplify, automate, and deliver innovation, they’re no longer simply using Information Technology to run their businesses; IT is enabling it. IT is the vital lifeblood of a business and we must protect it as such.
A recent Cisco survey showed that 69 percent of companies described digitization as ‘very important’ to their future growth, and 44 percent perceived it as a competitive advantage. Yet 40 percent said they’re not ready for it and won’t be for as much as three years out. Only a quarter of those surveyed said they’re actually doing something about it today. There is some serious catching up to do, and particularly around securing our digitized future.
Today, cyber is often an organization’s largest aggregate risk. My belief is that IT, with its associated cybersecurity risks, is now on par with financial risk when it comes to exposure, the level of importance for business, and for the controls we must put in place. We need well-understood and reliable security controls to manage risk, and we need to measure the efficacy of our efforts. In short, we must digitize security.
A company’s Board, CEO, and shareholders increasingly need assurance that the cyber controls are taken seriously and provable. Consider the financial controls that evolved over many decades; nearly every successful business follows them. The controls make the ecosystem work. We now need a cyber parallel.
At Cisco, we control the resiliency of our IT systems and infrastructure through measures like vulnerability dwell time, time to detect, and time to evolve, just to name a few. We apply security policies that protect not only the data that flows to, through, and from our company, but also our investments in people, processes and technology. Then, we regularly measure and assess these constructs for efficacy.
The security industry has not traditionally looked at it this way. The time has come to define and apply the controls that we need to illuminate and measure the risk, defend our organizations from threats, and realize the full benefits that digitization brings. This brief video shares some additional perspective on getting our controls under control.
Why is this so important? Because managing our security controls is essential to get right, and it’s absolutely in our control. If we don’t act on this now, someone else will tell us to, and that is a far more complicated outcome.
The Cisco Trust Center provides more information about how we support the security, trust, privacy and resilience of our customers.