Cybersecurity: A business enabler and shared responsibility
Tahira Begum
Despite its geographical remoteness and natural beauty, New Zealand is not immune to an invisible threat – cyberattacks. There is often a misconception that a remote location protects organisations and makes them less vulnerable to cyberattacks, but this is contrary to reality.
As businesses increasingly embrace digital technologies and make their services accessible online to stay competitive, cybersecurity is often overlooked. Many organisations mistakenly view cybersecurity as something that slows down the pace of business transformation or solely the responsibility of the IT or information security team. However, prioritising security and safeguarding data should be fundamental considerations throughout the business transformation process.
Recently, I had an opportunity to participate in an “Innovate thought leadership series” panel discussion on “How businesses can protect their data from cyberattack” hosted by the University of Auckland Business School.
The event focused on how to take cybersecurity along the journey of the business strategy, how it acts as an enabler for businesses and the importance of adopting secure digital transformation.
Renowned security expert Bruce Schneier’s assertion that “Amateurs hack systems; professionals hack people” highlights the increased manipulation of human psychology and the critical role people play in cyber threats. The Digital Age has brought us increased connectivity, global reach, convenience, efficiency and productivity. However, it also gave rise to sophisticated and emerging threats, such as ransomware, supply chain and social engineering attacks, which businesses must prepare themselves for.
When cybersecurity practices are integrated into the digital transformation strategy—from planning to execution—existing controls across people, process and technology are improved. These include building a human firewall, providing customised awareness training to the industry sector a business operates in, and improving the business processes within each department in alignment with their functions and the technology used. When security is embedded throughout the digital transformation journey, organisations become more resilient against attacks, ultimately demonstrating a commitment towards safeguarding customer trust.
Highlighted below are some recommendations for best cybersecurity practices:
- Conduct regular training sessions for employees to keep up-to-date on social engineering attacks (phishing, vishing, quishing, smishing, AI deep fakes, and others).
- Demonstrate leadership commitment by prioritising cybersecurity in alignment with business strategy. Establish a plan of action to have updated policies, resources and support for cybersecurity and communicate the importance of cybersecurity as a shared responsibility in wider business decisions.
- Establish up-to-date security playbooks and an incident response plan. Form a Crisis Response/Incident Management Team to manage a key stakeholders contact list, deploy appropriate internal and external communications, and make informed decisions.
Lastly, the message I would like the reader to take away is that Cybersecurity is a business enabler and shared responsibility. Once embraced, it embeds well while sitting at the top board and business strategy level to lead business operations.
Tahira Begum is a cybersecurity strategic adviser and works as the Information Security GRC Lead at Fidelity Life Assurance Company.
