If your house kept getting burgled because you’d been leaving the key under the same flowerpot, you’d probably think deeply about why it happened and how you’d make sure it would never happen again. Why have so many businesses failed for so many years to think deeply about their cyber security strategy?
You might blame the term: ‘cyber security’ for the ingrained connection with conventional methods of defense. The very word ‘security’ makes you think of locking your door at night or writing your computer’s password somewhere ‘safe’. But it simply isn’t appropriate to be thinking about safeguarding your business from malware, that can spread across the globe in matter of minutes, in the same context.
So to combat this kind of threat, companies can’t keep leaving their keys beneath a metaphorical flower pot: their collective mindset needs a reboot. I have long held the view that security is a huge opportunity, not a hygienic corporate must-do. And I believe it comes down to four key things:
1) Reposition and re-consider Security
Within your business ecosystem, security is the refinery that will distil your data and enable it to safely reach all the key areas. As our communications infrastructure becomes ever more sophisticated and connected, rapid, secure and protected software platforms are a welcomed part of the business ecosystem – capturing, aggregating and exchanging data at unimaginable speeds and scale and creating new economies in the blink of an eye. Exciting, very exciting but what if they are not secure? When considered like this, CEOs may start to connect share price and security in a very new light.
2) Be ready for anything
The modern CEO knows the days of setting out one clear, bold course of direction are gone. The future might be uncertain but, like General Eric K. Shinseki remarked, CEOs can be sure of one thing, if their organisation ‘[does not] like change, it will like irrelevance even less’. As the IT industry continues to move from closed to more open architecture, the fast-changing technical, legal and security landscape will require creativity, versatility and vision and a more ‘open source’ approach in the boardroom, as they become increasingly shared agendas. By being ready for anything, businesses will be in a better position for opportunities to come knocking.
3) Take the opportunity to be a leader and a policy maker
One of the things holding many companies back from seizing new opportunities is fear. Take IoT as an example. It’s incredibly exciting on so many levels – but poses many unknowns, a lot of them to do with security. Where will anything start or stop in the IoT? Where will legal responsibility ultimately lie when a security flaw in the IoT occurs? What can or can’t be insured against in the IoT? What rights will robots have compared to humans? Who owns what data when?
In times of such extreme change a sense of common responsibility and purpose is required. Security (and Interoperability) within the IoT can only work on a shared collaborative foundation. Tim Berners-Lee has called for a ‘bill of rights’ to set out guidelines for appropriate use of the Internet, so how long until a change in legislation is enforced? Keeping an organisation ahead of these changes will be a challenge, but establishing yourself as a leader in the policy making field will bring reward. Not just for the practical first mover advantages, but for the mindset and behaviour that will make an organisation a valuable, relevant and effective player in the IoT business eco-system.
4) Make Security your USP, and share it with everyone
In 1958, Swedish car maker Volvo developed a three-point seat belt that could have been patented and made them hundreds of millions in the then burgeoning car industry. Volvo instead chose to share the invention, such was their belief in the importance of safety. It has saved millions of lives and the Volvo brand remains globally recognised for its core value of safety. Notwithstanding these two incredible achievements, perhaps most impressive of all is that Volvo showed a sense of collaboration 50 years before it became de facto. So in 2017 turn road safety into online security, and see what opportunity exists for you to make security your organisation’s USP.
Let it be known that when facing the Internet of ‘Threats’, the onus is on business to be proactive. Microsoft were able to remain conspicuously absent from the list of victims affected by the ‘Wannacry’ hack because they saw it coming and prepared accordingly. When hackers come knocking the first thing they’ll look for is lazy, unattended, and dated defense mechanisms. Bring positive thinking and energy to security and make it part of your business dna, and remove that key from beneath the flowerpot forever.