Why Your Security Needs To Be Strategic 

No photo availableByIvy Kashero
3 min read
Cybersecurity remains chronically underfunded because security imperatives aren’t built into transformation budgets.
Why Your Security Needs To Be Strategic 

When business leaders think about digital strategy, they think about many things besides security: great customer experience, leveraging AI, using digital channels to scale market reach and other traditional “digital” marketing currencies.

Far too often, security is an afterthought. First, there’s a traditional refrain; “Let’s execute our digital transformation plan ASAP!” Only later does someone say, “We better protect what we just deployed.”

This can be a potentially disastrous approach for several reasons:

  • Cybersecurity remains chronically underfunded because security imperatives aren’t built into transformation budgets.
  • Transformation projects are executed in ways that are inherently more difficult to secure — thereby continuously exposing the business to more cost and risk over time.
  • Inadequate security eventually leads to a ransomware attack or other compromise that costs the business money, customers and brand value.

So how do we make security strategic?

To answer this question, it helps to understand how not to make security strategic. Businesses that fail to make security strategic typically have the following attributes in common:

  • They’re sizing security budgets based on an arbitrary number such as a percentage of revenue or IT budget — rather than basing the budget on actual strategic requirements.
  • They take an incremental approach to security improvement and hang on to ageing, obsolete technologies. It’s imperative to truly re-engineer security in the face of relentlessly intensifying cyberattacks and keep in mind our new “perimeterless” world.
  • Placing the cyber safety burden entirely on the shoulders of overworked internal staff and/or external partners who over-promise and under-deliver. Rather, organisations should take executive responsibility for mitigating business risk while optimising business outcomes.

A better way

If you’re responsible for digital strategy, these principles can help you make security an integral aspect of that strategy — and not an inadequately tactical afterthought:

  • Evolve past traditional endpoint-and-firewall style, perimeter-centric thinking by adopting extended detection and response (XDR). XDR will better enable you to quickly identify and neutralise any attackers already at work in your environment — including those lurking in the digital world of the cloud.
  • Unsure how to manage it all? Find a managed XDR (MDR) provider who will work with you as a true partner in minimising your exposure to risk. This will eliminate the inundation of trivial alerts that can overwhelm many teams.
  • Commit to frequent adversarial testing to continuously assess your security maturity — rather than just hoping you’re getting better at stopping attackers.

Remember: A strategic approach to cybersecurity may appear more expensive in the short term, but it will save you money in the long run. More importantly, you’ll be able to digitally evolve your business faster and more aggressively than your competitors, without exposing yourself and your customers to unacceptable risk.

Learn more about evolving your digital strategy to integrate maximum security.

Leave a Reply

Your email address will not be published.

Do you have a story that you think would interest our readers? Write to us editorial@cioafrica.co