Collaboration – the key to cybersecurity?
In the post-pandemic era, the way businesses work has changed beyond all recognition. But those changes, which have seen significantly more people working in a hybrid model, has led to more data silos and a greater responsibility for business cybersecurity being placed on the shoulders of individual workers – even as the cyberthreat-floor has risen due to gaps in either human understanding of anti-threat behavior or the technological protections necessary to mitigate that human factor. New research from Telstra Purple, a UK managed services provider, suggests that 29% of technology sector businesses recognize the human factor as a key risk area in their cybersecurity resilience, while a staggering 75% believe that removing silos and encouraging collaboration can reduce breaches.
We sat down with Rob Robinson, Head of Telstra Purple, EMEA, to dive into the figures – and what businesses could do about them.
Traditional viewpoints and the third question.
We tend to take it as read, in this age of increasing cyberattack, that cybersecurity is fundamental to businesses that want to exist next year, and five years from now. Firstly, is that borne out by the figures? And secondly, how does collaboration form a part of the desirable cybersecurity profile?
Collaboration from our perspective is absolutely critical. Our mindset is that business is everywhere, and security should be too. A lot of organizations are focused on two key principles when it comes to security. The first is, “Do we have to do it? Are there any regulatory obligations or customer obligations or things like that, that we need to adhere to so we can tick a box and continue to operate as an organization?” The second is, “Does it save us money? What is the cost of a material breach? What are the issues around security incidents?”
As a result of that, you get a corporate mindset of “What is the minimum that I need to spend to be able to mitigate that risk and move on?”
What we’re finding now, particularly with the research that we’re doing with digital transformation and transformation as a whole, is that people are asking a third question, which is, “Can security make me money?”
An unseen enabler.
And what we found in our latest research report was that actually, 41% of the respondents found that security was a genuine enabler for their organization. And collaboration has absolutely been critical to that. Embedding security into the DNA of the entire organization, from C-level down, means that people can actually say “How can security enable hybrid working, remote working, digital transformation? How can it allow us to acquire companies more readily and more easily, and leverage that as a tool. So that collaborative approach and that mindset towards security is absolutely critical to driving business forward.
Presumably this is an individual company-to-company result, but what data do we have on exactly how the collaborative process is helping businesses do all those things that they want to do?
We get data that supports the idea that this is what’s happening when, for instance, companies change their approach. Security has moved away from being this function and this entity that’s siloed in an organization, to all of a sudden being part of the generation of a business case.
So in short, at the C-level, it is creating this return on investment that can be articulated to the board and to shareholders. So instead of being this thing that stops a project, or stops that generation of return on investment, security becomes the thing that actually gets a project over the line and encourages a board to say yes. Security in its simplest form down at the functional and the operational level means your technology is more inherently secure in terms of accessing data anywhere, so if you are hybrid working as we’ve had to do for the last three years, you can still deliver on your day job – without, for instance, a rise in cybersecurity incidents.
We’ve seen enhanced productivity with things like the adoption of team and collaboration tools, remote whiteboarding sessions and things like that. And I think that’s been a fundamental shift and a fundamental change. We’re working with a lot of global organizations at the moment who, from a collaboration standpoint, really struggled, three or four years ago to be able to deliver a cohesive, effective and collaborative working group. Now, they’re able to run whiteboarding sessions, they’re able to deliver all sorts of different technology outcomes, projects, business outcomes and deliverables in a way that’s inherently secure, because we’ve got all of this good operational security by design principles at the functional level driving business forward.
A change of business lifestyle.
It’s like the advice people are given when they want to lose weight, right? Don’t go on a crash diet, that’s bound to fail. Instead, change your lifestyle in a few fundamental ways, and everything gets better?
As you say, don’t do security as an extra thing that’s going to cost you money and create staff resistance, because like a fad diet, people will fall off the wagon and you’ll be back to square #1. Change the whole mindset, make security part of everything you do, and the benefits will flow from there?
Absolutely that! Security needs to be inherently within the DNA of an organization for that organization to be able to make much more flexible business decisions. If you’ve got security by design and security principles inherently linked to key programs and projects and business outcomes, then people are going to be more readily accepting of adopting that.
It could be at a really simple level, improving business processes and business efficiency by having those security controls in place. If people understand that and understand those benefits, then they’re going to be more inclined to adopt those new principles, those new processes and those new structures. So yeah, I think you’re right. It’s about making security inherently part of business’ culture, their awareness and their DNA.
In Part 2 of this article, we’ll talk more about adopting a people-centric approach to cybersecurity, and just exactly how businesses go about adopting that approach.
20 March 2023