Why organizations should take the lead on security Why organizations should take the lead on security


Now is the time for organizations to take stock and build for the future and lays out the steps they need to take in order to be resilient and cope with whatever may be thrown at them. This means getting on the front foot when it comes to cybersecurity, consolidating past investments and aligning IT with the whole enterprise.
About the author
Emma de Sousa is EMEA President of Insight.
According to McKinsey Global, companies accelerated digitization projects by three to four years in response to the global pandemic. Rapid change was essential to quickly adapt to new ways of working and ensure businesses could still operate ‘as usual’. Now that the dust of last year’s events is settling, organizations must take stock, learn the lessons of 2020, and ensure they are ready for future challenges.
So how can businesses prepare themselves?
A proactive approach to governance, security and compliance
First, businesses need to get on the front foot when it comes to governance, security and compliance. Security is a key example of where organizations rapidly shifted budgets and priorities, managing the added security risks that came with new ways of working. However, to build resiliency and help prevent long-term reputational and financial damage they now need to take a proactive approach.
The first step in building this proactive approach is understanding the whole threat and risk landscape. This needs to consider factors such as different ways of working, including flexible and remote working; the consequences of a data breach; and the security threats organizations face. For instance, with phishing attacks by far the most common form of breach or attack according to UK Government research, any audit of the risk landscape needs to take them into account.
This understanding also needs to cover third party risks, such as from the organization’s supply chain. And it should include an honest gap analysis between business SLAs and the defense arsenal, recovery planning, and communications that are in place. Armed with this knowledge, enterprises can then ensure the right technologies, controls and processes are in place to mitigate the risks.
The second step is increasing cybersecurity awareness across the entire organization. Ongoing training at all levels, from the simplest cyber awareness training to comprehensive crisis planning, testing and risk management profiling, is imperative. Communication across all departments is also key, as is a ‘blame free’ culture of support so that employees feel comfortable admitting when they have made a mistake. All of this will help organizations to stay on the front foot, and ensure swift resolution in the event of an incident.
Third, enterprises should ensure they have prepared frameworks so that best practice is always followed. This shouldn’t just include security policies and procedures for business as usual, but also operating models to trigger tested and validated business continuity and disaster recovery plans when needed.
Simplify and consolidate
An essential element of governance, security and compliance, and of building business resilience in general, is ensuring the IT landscape is as simplified as possible. In 2020, many enterprises had to prioritize speed over careful and considered technology implementations, inevitably making their technology architecture more complex. While this saved the business in the short term, it can lay the ground for future problems. For instance, a more complex architecture is harder to secure; is less agile the next time the business needs to change rapidly; and will make future activity such as mergers, acquisitions and divestments more complex in turn.
The current period is the perfect opportunity for organizations to audit their IT estate and identify opportunities for simplification and consolidation. There is certainly the opportunity – Insight’s recent research shows in late 2020 63% of enterprises hadn’t consolidated their infrastructure since that March, and 73% were using multiple applications that had the same functionality, but were used by different teams in different situations.
While there is no “one-size-fits-all” route to consolidation in every organization, performing this audit will not only identify opportunities to save money – for instance, by reducing spending on unused or duplicate software licenses. It will also identify opportunities to reduce complexity and put the business in a much better position to innovate, grow and cope with disruption in the future.
Aligning and engaging the whole business
The final element in building resilience is making sure that the entire business is engaged and aligned with the approach. For instance, senior leadership teams might not understand security and risk profiles, and the potential effect on the business. Or the business might want to push ahead with new plans without taking time to consolidate. In these cases, organizations could risk employee resistance and wasted investments, leaving the business in a worse situation than before.
To prevent this, IT needs to demonstrate how it is helping meet long-term strategic goals by building organizational resilience. From the initial vision of change to analysis and preparation, to developing strategy and planning, to executing those plans, getting senior decision-makers on board will ensure the project to build resilience has the backing to succeed. Following this approach will help to equip enterprises to become more resilient, able to take advantage of new opportunities and accelerate transformation.
Competitive edge
It’s difficult to predict what the future holds. However, with the right approach to governance, security and compliance, consolidating past investments, and aligning IT management teams with the whole enterprise, organizations will be in the best position to tackle disruption head on and get one step ahead of competitors.
Now is the time for organizations to take stock and build for the future and lays out the steps they need to take in order to be resilient and cope with whatever may be thrown at them. This means getting on the front foot when it comes to cybersecurity, consolidating…
Recent Posts
- Fraudsters seem to target Seagate hard drives in order to pass old, used HDDs as new ones using intricate techniques
- Hackers steal over $1bn in one of the biggest crypto thefts ever
- Annapurna’s 2025 lineup of indie games is full of tea and T-poses
- Google Drive gets searchable video transcripts
- Andor is on the offensive in latest season 2 trailer
Archives
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- October 2017
- December 2011
- August 2010