Blog · 08 Jun 2021

The bold decisions CISOs need to make today

CISOs are entering a golden period of opportunity - take decisive action to shape your security strategy for the future of work.

Kevin Brown
Managing Director, BT Security

This is a rare opportunity to drive an agenda that puts security at the heart of every future step.

And we know that business leaders are receptive: security has shot up the boardroom agenda, with 58% giving improving data and network security as the issue of most importance to the organisation over the past year. More than ever, CISOs are getting involved in decision-making from the outset – and they need to be ready to lead from the front.

A time for decisive action

Organisations are changing how they operate as they begin to get a clearer vision as to what the future of work looks like.

We’re entering the era of hybrid working, where some employees remain homeworkers, others return to the office full time, and a large part of the workforce splits their time between the two. Organisations that want to win people back to the office need to pay close attention to their users’ experience – why should they stop working from home, where they’ve got a steady supply of the coffee of their choice, a comfy sofa for breaks and a good broadband connection? Offices need to play connectivity catch-up if they’re to supply the seamless experience expected for effective collaboration and productivity.

This is an opportunity to baseline what you’ve got and clear out the skeletons from your closets. It’s not often you get the freedom to fundamentally rethink how your business operates. This is a chance to be bold about your infrastructure plans and your security investments, to put your organisation in the best possible place to capitalise on growth and tackle any future challenges.

Standing firm against a growing threat landscape

As well as preparing for the future of work, organisations are recognising that the threat landscape is escalating in an ominous way and are looking to do something about it. In recent research we conducted with over 7,000 business executives, employees and consumers, 75% of executives said there are more and more security threats to their organisations every year. So companies know they have to be able to react quickly to threats, whilst also building flexibility and elasticity into their infrastructure to see them through at least the next three to four years. And it makes sense to bake security in from the beginning.

Operating during the pandemic has given organisations renewed confidence that they can make changes at pace, supported by the rise of the cloud providers. They’ve realised that agile development is a strong alternative to more traditional and slower waterfall iterative transformation, and they’re seizing the moment.

This is a critical time to rethink how your organisation operates, how you want your employees to work, and what they need from their connectivity and security.

Missing this golden opportunity has consequences

I believe that organisations that don’t make strong moves with their security now risk being left behind. It’ll be a lost opportunity to really capitalise on market growth. Users are getting increasingly dissatisfied with their connectivity and this affects operational efficiency. And, as the threat landscape expands, if organisations don’t make rapid changes to their security, their vulnerability to attack will increase.

Some organisations will be more at risk than others – it depends on where you’re starting from. If you’re already a cloud-native organisation, the chances are, you’re in good shape. But those companies that evolve their infrastructure and security slowly, tend to have to bolt on security, incurring greater costs in the long run. Being adventurous and strategic in the first instance will save you money.

The bold decisions to take today

So, where to start? Above all, be ambitious in your decisions, and focus on these areas:

1. Put your customers and users at the heart of your security plans
Explore what will enable them to work in the most productive and secure way, without security causing friction. How can you deliver a seamless user experience with invisible security?

2. Make sure security is embedded in all your plans
So many organisations today have a lot of different point solutions, but no overarching strategy. Thinking boldly now could protect your organisation against an escalating threat landscape.

3. Make sure you have visibility and control
Your data is increasingly flowing in ways that don’t involve the enterprise network, widening your risks and decreasing your control. Threat actors are alert to the possibilities these potential new weaknesses bring, so it’s vital to have end-to-end visibility, from the user / device to the application / data.

4. Embrace automation
Think about how you could use automation as a cost-effective way to take the pressure off your security team so they can focus on what’s critical.

5. Look for security partners that can help you achieve your aims
Be clear-sighted about what a co-managed security model could give you and how you could use it to stay ahead of threats. Although organisations can be reluctant to outsource completely, working with a partner on a co-management approach is an effective way to fill the gaps in your expertise.

CISOs – get involved in early strategy

Traditionally, the CISO hasn’t always been involved in shaping the strategy. However, right now, when security is at the top of the boardroom agenda, CISOs need to be at the heart of the decision-making, shaping and driving a security policy that will protect the organisation as it emerges from the pandemic.

To find out more about how our security services can support your organisation as it prepares for the future of work, please get in touch with your account manager. And if you’d like to explore our insights on unlocking the future of work – covering the three crucial pillars of collaboration, infrastructure and security – please read our whitepaper.

Contacto