Virtualization Technology News and Information
Forcepoint 2019 Predictions: Cybersecurity Cultures That Do Not Adapt Will Fail

Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.

Contributed by Meerah Rajavel, Chief Information Officer, Forcepoint

Cybersecurity Cultures That Do Not Adapt Will Fail

When an organization purchases services or signs a partnership deal, it undertakes significant due diligence based on financial security requirements and compliance with laws and industry standards. Today, our cloud-first, mobile-driven world sees users and data roam freely on networks, leaving critical data and intellectual property more exposed than ever. In the future, due diligence will extend to how much trust any organization can put into the security of a partner.

As such, 2019 will see the creation of industry-wide "security trust ratings." Just as there are rankings and ratings for the trustworthiness of various financial institutions, investment options, or even restaurants, the future will bring a similar security trust rating to businesses that handle, store, or interact with data. These ratings would indicate how safe it is to permit suppliers to handle PII or other critical data. How does their employee cyber hygiene stand up? Does the supplier have a history or risk of breaches?

Forward-thinking companies should plan ahead, as their own security hygiene will now be as visible as industry accreditations or certifications. There will be no way to hide from poor security habits and culture. As demonstrated by malware found in legacy systems at Micros, a division of Oracle and one of the top point-of-sale (PoS) suppliers globally, headline-grabbing hacks of supply chains not only have an immediate financial impact in the form of regulatory fines, but also damage company reputation and drive away future business.

The way to develop an improved trust rating is through change in cybersecurity culture. Security cannot just be the responsibility of the IT teams and the technologies they implement, but must become a cultural and business value that is recognized and rewarded. To build a workforce united as a defense against cybercrime, organizations must integrate security into their culture from the top down.

Culture includes much more than the climate of a specific office location or the organization's values, norms, and rules. It also includes the chain of command, delegation of authority, accountability for behaviors, and broad communication strategies. Policies that are ill-defined or in conflict with one another create confusion and misinterpretation. Any confusion regarding rules, expectations, or accountability can increase risk, including risk of a data breach.

Today's corporate cultures have expansive boundaries that extend to supply chains and other partnerships due to connectivity and use of the cloud. As large organizations change their attitudes toward cybersecurity, this will be reflected throughout the supply chain. The introduction of security trust ratings will reward companies that move beyond superficial interventions, such as "just-in-time" training, which are ineffective and can result in employee annoyance, fatigue, and apathy.

Companies that adapt their culture of security to sophisticated threats will win. However, they require systemic cybersecurity consistency across their operations and users, including their supply chain partners.


About the Author

 

Meerah Rajavel is the chief information officer (CIO) for Forcepoint. Rajavel brings more than 25 years of experience in information technology to Forcepoint. Most recently, she was the CIO at Qlik, a visual analytics company, where she led efforts to build an IT infrastructure and operational excellence strategy to support rapid growth on a global scale. Before joining Qlik, Rajavel led IT cloud services for all McAfee products at Intel Security. Earlier in her career, she held IT leadership, research & development and product development roles at Cisco Systems, Infosys, Nortel, Cybersource and Solix.
 
Rajavel holds a bachelor's in computer science & engineering from the Thiagarajar College of Engineering at Anna University in Chennai, India. She also holds a Master of Business Administration from the Leavey School of Business at Santa Clara University in Santa Clara, California.

Published Tuesday, December 18, 2018 7:36 AM by David Marshall