GUEST: Dorene Rettas, Managing Director of Cyber Security Hub
You already have enough to worry about in your business without adding the risk of public scandal, loss of customers, and potentially business-destroying civil liability.
We’re talking security threats, and how your business needs to be proactive about this ongoing and constantly changing challenge.
Cybersecurity is constantly evolving, and so must you.
“My challenges four months ago were very different than my challenges today. And probably in six months they’re going to be very different.”
Managing Director, Cyber Security Hub
According to the CSH website, in order for “expert practitioners and end users to gather more data and awareness about Cyber Security, IQPC launched cshub.com, a new website dedicated to the impact threats, attacks, and breaches are having on the enterprise.”
Rettas explains, “We want to be the place our audience can turn to, to get information that they can take back to their roles in systems or educating their board, and making their jobs easier.”
Nowhere is safe.
She’s not an alarmist, but Rettas sees potential cyber dangers almost everywhere. Every single industry regardless of size has to address cyber security. Those who don’t, do so at their peril. Because even if you don’t think your data is valuable, hackers do.
Particularly vulnerable industries include: local, state, and federal governments, financial services, healthcare, manufacturing, and (ironically) technology.
“The world is becoming fully digitized. This means the constant movement of electronic data, and the risk of exposure and breach. It is critical for employees and IT security to understand the goals of protecting the employees’ and clients’ data.”
Managing Director, Cyber Security Hub
If it can destroy your business with just a few mouse clicks, it needs to be an executive priority.
In order to be proactive and stay ahead of the criminals, companies need to take the threat much more seriously than most currently do. In larger firms, a Chief Information Security Officer needs a seat at the executive table.
“We’re so past the point of being reactive, it’s unacceptable. Risk-assessment and threat-intelligence are a must. When organizations focus on digital transformation, CISOs have to be involved in the process at the early stages.”
This can be a thankless job.
“That old adage about IT being the enemy, if you speak to CISOs, it’s not the case. They understand what the employees want, and what the optimal user experience should be, and they are trying to balance the two. They want to do the necessary digitization and still protect the assets,” says Rettas.
You are now responsible for the security of your subcontractors and partners.
This process sometimes comes with a learning curve and some growing pains, even within her own organization. They recently had to end a contract with a prospecting platform that the sales and marketing team really liked. “And they were appalled!” But compliance issues are serious business.
If you do business with the EU, not only do you have to be compliant with the General Data Protection Regulation (GDPR), it’s critical that you be sure that your partners are, as well. If they are not, and you’re interacting with their data, there’s a risk that you could be penalized.
Cyber security can enhance your marketing segments’ quality.
There is a lot of skepticism and fear in the enterprise trenches about cyber security threats and preventative measures, but Rettas points out that at least some of it is misplaced. There are even unexpected upsides.
For example, as a result of new security measures, more restrictions are being put in place for filtering email. This might make it difficult for some companies to do business, but for those who take the long view, it works in their favor.
Dorene states, “Look at double opt-in as an example. I’m not sure that it’s going to drastically decrease engagement. What it will decrease are inflated numbers. But if the folks who really want to consume your content are checking the box, do you really care about those other [lost] people?”
“Think about all of the noise in your inbox, if you’re only getting stuff you care about, it’s top-of-mind and gets interacted with much quicker.”
Managing Director, Cyber Security Hub
Remember that cyber security is an ultra-marathon, not a sprint.
Rettas reassures folks that everything will shake out and be fine. It’s simply a matter of teaching folks what they can and cannot do, and putting appropriate policies in place.
“Awareness is key. CISOs might roll their eyes at this, but I believe there’s going to be more acceptance from employees regarding cyber-security initiatives. They’re consumers, too. Media is covering it constantly and there’s more awareness of the threat.”
Managing Director, Cyber Security Hub
Are the cobbler’s kids shoe-less?
How does Rettas grade the efforts to anticipate and counter cyber-threats within her own organization?
“We’re fairly proactive. Because we’ve been writing about it and knew it was coming early on, we’ve been a little more proactive.”