Why organizations should take the lead on security

Why organizations should take the lead on security
(Image credit: Shutterstock)

Now is the time for organizations to take stock and build for the future and lays out the steps they need to take in order to be resilient and cope with whatever may be thrown at them. This means getting on the front foot when it comes to cybersecurity, consolidating past investments and aligning IT with the whole enterprise.

About the author

Emma de Sousa is EMEA President of Insight.

According to McKinsey Global, companies accelerated digitization projects by three to four years in response to the global pandemic. Rapid change was essential to quickly adapt to new ways of working and ensure businesses could still operate ‘as usual’. Now that the dust of last year’s events is settling, organizations must take stock, learn the lessons of 2020, and ensure they are ready for future challenges.

So how can businesses prepare themselves?

A proactive approach to governance, security and compliance

First, businesses need to get on the front foot when it comes to governance, security and compliance. Security is a key example of where organizations rapidly shifted budgets and priorities, managing the added security risks that came with new ways of working. However, to build resiliency and help prevent long-term reputational and financial damage they now need to take a proactive approach.

The first step in building this proactive approach is understanding the whole threat and risk landscape. This needs to consider factors such as different ways of working, including flexible and remote working; the consequences of a data breach; and the security threats organizations face. For instance, with phishing attacks by far the most common form of breach or attack according to UK Government research, any audit of the risk landscape needs to take them into account.

This understanding also needs to cover third party risks, such as from the organization's supply chain. And it should include an honest gap analysis between business SLAs and the defense arsenal, recovery planning, and communications that are in place. Armed with this knowledge, enterprises can then ensure the right technologies, controls and processes are in place to mitigate the risks.

The second step is increasing cybersecurity awareness across the entire organization. Ongoing training at all levels, from the simplest cyber awareness training to comprehensive crisis planning, testing and risk management profiling, is imperative. Communication across all departments is also key, as is a ‘blame free’ culture of support so that employees feel comfortable admitting when they have made a mistake. All of this will help organizations to stay on the front foot, and ensure swift resolution in the event of an incident.

Third, enterprises should ensure they have prepared frameworks so that best practice is always followed. This shouldn’t just include security policies and procedures for business as usual, but also operating models to trigger tested and validated business continuity and disaster recovery plans when needed.

Simplify and consolidate

An essential element of governance, security and compliance, and of building business resilience in general, is ensuring the IT landscape is as simplified as possible. In 2020, many enterprises had to prioritize speed over careful and considered technology implementations, inevitably making their technology architecture more complex. While this saved the business in the short term, it can lay the ground for future problems. For instance, a more complex architecture is harder to secure; is less agile the next time the business needs to change rapidly; and will make future activity such as mergers, acquisitions and divestments more complex in turn.

The current period is the perfect opportunity for organizations to audit their IT estate and identify opportunities for simplification and consolidation. There is certainly the opportunity – Insight’s recent research shows in late 2020 63% of enterprises hadn’t consolidated their infrastructure since that March, and 73% were using multiple applications that had the same functionality, but were used by different teams in different situations.

While there is no “one-size-fits-all” route to consolidation in every organization, performing this audit will not only identify opportunities to save money – for instance, by reducing spending on unused or duplicate software licenses. It will also identify opportunities to reduce complexity and put the business in a much better position to innovate, grow and cope with disruption in the future.

Aligning and engaging the whole business

The final element in building resilience is making sure that the entire business is engaged and aligned with the approach. For instance, senior leadership teams might not understand security and risk profiles, and the potential effect on the business. Or the business might want to push ahead with new plans without taking time to consolidate. In these cases, organizations could risk employee resistance and wasted investments, leaving the business in a worse situation than before.

To prevent this, IT needs to demonstrate how it is helping meet long-term strategic goals by building organizational resilience. From the initial vision of change to analysis and preparation, to developing strategy and planning, to executing those plans, getting senior decision-makers on board will ensure the project to build resilience has the backing to succeed. Following this approach will help to equip enterprises to become more resilient, able to take advantage of new opportunities and accelerate transformation.

Competitive edge

It’s difficult to predict what the future holds. However, with the right approach to governance, security and compliance, consolidating past investments, and aligning IT management teams with the whole enterprise, organizations will be in the best position to tackle disruption head on and get one step ahead of competitors.

Emma de Sousa

Emma de Sousa is EMEA President of Insight.