Aligning Cybersecurity with Business Strategy
By Jan Hogewoning | Fri, 08/07/2020 - 15:50
Yesterday, MBN reported on the alarming rise in cyberattacks, particularly phishing, during the COVID-19 pandemic. A new study published by Forrester Consulting and commissioned by Tenable titled ‘The Rise of the Business-Aligned Security Executive’ found that cyberattacks had increased by almost 50 percent over the past six months in Mexico. Working from home has taken employees out of their more secure office networks, removing a barrier that filters out malware deliveries. In addition, many of the phishing campaigns are linked directly to information about COVID-19, a malicious manipulation of a concerned audience.
The study also gave insight into how companies are responding to cyberattacks. After interviewing more than 800 global businesses, Forrester Consulting found that fewer than 50 percent of security leaders are framing cybersecurity threats within the context of a specific business risk. Aligning cybersecurity risks with your business risks, Tenable states, means awareness of “how that (cybersecurity) risk is changing as companies plan and execute business strategies.”
According to the study, Tenable writes, organizations that consider cybersecurity strategy along with their business decisions are:
- Eight times more likely to be “highly confident in their ability to report on their organizations’ level of security or risk.”
- Three times more likely to “have a holistic understanding of their organization’s entire attack surface.”
- 90 percent are “very or completely confident in their ability to demonstrate that cybersecurity investments are positively impacting business performance compared with 55 percent of their siloed counterparts.”
- 85 percent will “have metrics to track cybersecurity ROI and impact on business performance versus just 25 percent of their siloed peers.”
Aligning cybersecurity priorities with business strategy has significant benefits. For one, the study claims, executives will have a better understanding of how a cyberattack may compromise their systems and what the potential damage would be. As a result, executives are going to have a greater understanding of how their cybersecurity investment is aiding their company. This can help them make wiser investment choices. After all, there is no single cybersecurity solution for all. Eduardo Zamora, Country Manager of cybersecurity company Fortinet, recently told MBN: “Architecture is dependent on the politics and strategy that a company has in place.” Every company has its own characteristics and vulnerabilities, requiring a different medicine.