Light Dark
October 4, 2017 By Nir Carmel 3 min read
CISO
Application Security

When I think about my family vacations from childhood, I remember camping trips, hours on the beach, sharing stories around the campfire and the fun my siblings and I used to have in the back seat of the car — jumping on each other, switching seats and hopping from the third row into the front seat. Half the fun was enabled by the fact that we had no seat belts.

I also remember how frustrated we all were when they made seat belts mandatory — how we complained, cringed and pushed back when our parents forced us to put it on, and how annoying, restricting and uncomfortable the seat belt felt. But the interesting thing is that, within just a few weeks, putting on a seat belt became second nature. When we stopped dwelling on it, the seat belt no longer felt itchy and uncomfortable.

Read the Forrester Research Study: Future-Proof Your Digital Business With Zero Trust Security

Buckle Up for Safety

The seat belts in our cars and the cybersecurity in our organizations are more similar that you might think. Both were once seen as unnecessarily restrictive burdens and are now considered essential to our safety and, in the case of cybersecurity, the integrity of our sensitive data.

We all know that putting on your seat belt or applying security measures is the smart thing to do because it can save your life — or save your business from a security event — but we are often too lazy or too focused on other things to do the right thing. In fact, we often wait for a new regulation to force us to take the right security controls.

Just like the seat belt in my car, cybersecurity can easily become second nature to your organization. The sooner you embed security into your decision-making process, the sooner you can negate the belief that security slows down the business.

A chief information security officer (CISO) can help you accelerate your digital transformation and support business goals by adhering to the following principles:

  • Develop a risk-based approach to all business and IT initiatives.
  • Protect the data, not just the infrastructure.
  • Consolidate identity across all platforms, including on-premises, cloud and mobile.
  • Understand that compliance is just the first step, not the end goal.

Increased Collaboration Drives Digital Transformation

In a recent presentation at the Cybersecurity Nexus (CSX) conference, I was reminded about my childhood experience with seat belts. It’s amazing how something that seems uncomfortable at first can quickly become just another fact of life — one that ultimately keeps you safer. More specifically, I explored how line-of-business (LOB) executives and information security professionals can and should work together to implement security controls, adopt a risk-based decision-making process and drive the next wave of innovations to support business growth.

This digital transformation can serve as a great opportunity to revamp your security program to foster greater collaboration between the IT team and LOB executives. To begin the process, the CISO should first locate the organization’s sensitive data, then consolidate identity and access management (IAM) and device management controls. Finally, the CISO should infuse these strategies into the organization’s DevOps processes.

LOB executives, for their part, must consider security risks when making business decisions, and understand how the CISO’s efforts can actually benefit the business by empowering consumers and encouraging collaboration based on real-time security data. This enables the organization to efficiently release and adopt new applications to drive growth and optimize security programs that are aligned with business goals.

These cybersecurity measures are designed to help businesses meet their goals and sustain growth, not to impede progress or productivity. An open line of communication between security and business leaders is all it takes to quell executives’ fears and demonstrate how, like a seat belt, cybersecurity can save your organization in the virtually inevitable event of an accident.

Learn More

To learn more about unleashing your security team’s true potential and accelerating your digital transformation, download the complimentary Forrester Research report, “Future-Proof Your Digital Business with Zero Trust Security.”

Read the Forrester Research Study: Future-Proof Your Digital Business With Zero Trust Security

 |  |  |  |  |  |  | 
Nir Carmel
Information Risk and Protection Offering Strategy, IBM Security

More from CISO
November 13, 2023

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

October 27, 2023

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

October 10, 2023

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

August 3, 2023

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature