Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Meerah Rajavel, Chief Information Officer, Forcepoint
Cybersecurity Cultures That Do Not Adapt Will Fail

When an organization purchases services or signs a partnership deal, it undertakes
significant due diligence based on financial security requirements and
compliance with laws and industry standards. Today, our cloud-first,
mobile-driven world sees users and data roam freely on networks, leaving
critical data and intellectual property more exposed than ever. In the future,
due diligence will extend to how much trust any organization can put into the
security of a partner.

As such, 2019 will see the creation of industry-wide "security trust ratings."
Just as there are rankings and ratings for the trustworthiness of various
financial institutions, investment options, or even restaurants, the future
will bring a similar security trust rating to businesses that handle, store, or
interact with data. These ratings would indicate how safe it is to permit suppliers
to handle PII or other critical data. How does their employee cyber hygiene
stand up? Does the supplier have a history or risk of breaches?

Forward-thinking companies should plan ahead, as their own security hygiene will now be as
visible as industry accreditations or certifications. There will be no way to
hide from poor security habits and culture. As demonstrated by malware found in
legacy systems at Micros, a division of Oracle and one of the top point-of-sale
(PoS) suppliers globally, headline-grabbing hacks of supply chains not only
have an immediate financial impact in the form of regulatory fines, but also
damage company reputation and drive away future business.

The way to develop an improved trust rating is through change in cybersecurity
culture. Security cannot just be the responsibility of the IT teams and the
technologies they implement, but must become a cultural and business value that
is recognized and rewarded. To build a workforce united as a defense against
cybercrime, organizations must integrate security into their culture from the
top down.

Culture includes much more than the climate of a specific office location or the
organization's values, norms, and rules. It also includes the chain of command,
delegation of authority, accountability for behaviors, and broad communication
strategies. Policies that are ill-defined or in conflict with one another
create confusion and misinterpretation. Any confusion regarding rules,
expectations, or accountability can increase risk, including risk of a data
breach.

Today's corporate cultures have expansive boundaries that extend to supply chains and
other partnerships due to connectivity and use of the cloud. As large
organizations change their attitudes toward cybersecurity, this will be reflected
throughout the supply chain. The introduction of security trust ratings will
reward companies that move beyond superficial interventions (such as
"just-in-time" training), which are ineffective and can result in employee
annoyance, fatigue, and apathy.

Companies that adapt their culture of security to sophisticated threats will win.
However, they require systemic cybersecurity consistency across their
operations and users, including their supply chain partners.

## About the Author

Meerah Rajavel is the chief
information officer (CIO) for Forcepoint. Rajavel brings more than 25 years of
experience in information technology to Forcepoint. Most recently, she was the
CIO at Qlik, a visual analytics company, where she led efforts to build an IT
infrastructure and operational excellence strategy to support rapid growth on a
global scale. Before joining Qlik, Rajavel led IT cloud services for all McAfee
products at Intel Security. Earlier in her career, she held IT leadership,
research & development and product development roles at Cisco Systems,
Infosys, Nortel, Cybersource and Solix.
Rajavel holds a bachelor's in computer science & engineering from the
Thiagarajar College of Engineering at Anna University in Chennai, India. She
also holds a Master of Business Administration from the Leavey School of
Business at Santa Clara University in Santa Clara, California.