October is Cybersecurity Awareness Month and the first thought that comes to mind for me is the famous quote by Mike Tyson: “Everybody has a plan until they get punched in the mouth.” The world has experienced tremendous changes over the course of a few short months. Businesses, governments and consumers all have been under pressure to ‘keep things going’ while operating in a world in upheaval and change. When we were all “punched in the mouth”, cybersecurity risk management went out the window when faced with the need to balance extraordinary challenges related to wellness, work, and family. Many organizations are taking risks driven by the current disruption. We must learn how to rapidly move from the reactionary posture we are in to a sustainable, agile digital world where our newly found technology dependence is appropriately understood and managed.
Globally, we’ve increased our reliance on mobile and collaboration technologies and had to quickly and agilely transform the way we work with a huge portion of the workforce now remote. The obvious technological evolution of the past 20 years – that data and services are not bound to a physical location – has been made clear to all. It also brings an added focus on data-driven capabilities to drive efficiencies (e.g., transportation uses rider statistics to better staff and serve customers). Businesses and governments are experiencing a heightened awareness of how important rapid deployment of technology is and the importance of managing risk well.
It is highly likely we will never go back to our previous operational posture, and as a result, our risk posture has changed entirely. Digital transformation is no longer a journey – we have arrived! Digital dependence is our new normal. We must immediately assess how to trust our digital infrastructure in this new environment. We must also find ways to keep up with rapid technology adoption and securely enable our workforce. Many have rapidly deployed technology capabilities that they now must optimize, enhance and evolve.
Going forward, organizations may be challenged to invest the time for the traditional vendor risk management processes; to exchange questionnaires or poke and prod into every security and privacy practice of every technology solution they need to deploy to keep their businesses running. To determine, across a fragmented vendor landscape, if a vendor makes money off their data? Has it built a resilient service that can be relied upon? Does it keep data from the hands of governments? Does it stand behind the security, privacy, and trustworthiness of the technology?
Organizations need to accelerate their decision-making by knowing that they are doing business with a technology partner that prioritizes trustworthiness, transparency, and accountability. When they do, it is possible to both accelerate technology deployment and manage cyber risk.
How do you start? Take a risk-based approach to build resilience into your business with the following principles:
- Now is NOT the time to skip security and privacy. Times of uncertainty and disruption, like we’re in, are regularly exploited by cyber adversaries. Be wary of those who that skimp on these practices. Without a doubt, organizations need to continue to adopt digital capabilities at a rapid pace. It is more important than ever to prioritize security and privacy to ensure proper risk management throughout the process.
- Choose a vendor that is explicit about their security and privacy practices and prepared to demonstrate proper application. Doing business with a trusted partner allows you to adopt digital capabilities quicker in times of urgency. Don’t waste time with vendors who don’t build security and privacy into the core of their business and operations. Understand how they bring products and services to market – from ideation to build, from delivery to end-of-life, and throughout their supply chain. Don’t shy away from asking the tough questions, like “does my information and data generate revenue?” Demand explicit trust.
- Turn the disruption into your advantage by upgrading your legacy systems and capabilities. Now is the time to adopt an aggressive strategy to make fundamental architectural changes that strengthen your cyber defenses. Take advantage of this time, while your employees are not in the office, to deploy upgrades that will take your defense posture into the next generation. For instance, move to a Zero Trust network using multi-factor authentication, device posture and other key risk mitigation capabilities. In the process, rip out the outdated infrastructure that is the source of legacy risk. Now is the time for these dramatic changes, don’t let a crisis go to waste!
Before the global pandemic, social unrest, and market volatility that came with it, we encouraged our customers to hold their standards high, especially in vetting the vendors they do business with.
Our current climate has only heightened the importance of trusted partners. Cybersecurity Awareness Month is a great opportunity to find out who your trusted partners are that can help you navigate your digital acceleration, an organization that prioritizes and embeds security and privacy, and continuously evaluates itself to meet the highest standards.
Learn more about Cisco’s journey to be a trusted partner on our Trust Center.