Manage Third-Party Vulnerabilities
To increase their agility, many companies have embedded third parties in their value chain and infrastructure—which means organizations are dependent on the strength of their vendors’ security programs.
That makes it crucial for companies to have visibility into their supply chain. De Bont advises conducting a risk analysis of each supplier, through risk assessment questionnaires and technical testing. Leaders should also perform scenario-planning exercises to assess how supply chain disruptions could affect business continuity. From there, de Bont says, they can craft targeted incident response and disaster recovery plans.
De Bont says a software bill of materials (SBOM), which provides an inventory of all software components within a vendor’s solution, is also essential to help companies evaluate a vendor’s vulnerabilities to reduce their third-party risks.
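As an added example (not code from the article or from ServiceNow), the following Python script shows what "using an SBOM to evaluate a vendor's vulnerabilities" looks like in practice: it loads a constructed CycloneDX-style SBOM, matches each listed component against a constructed advisory feed in an OSV-like shape (package name plus introduced/fixed version range), and reports the components that fall inside an affected range. The SBOM contents, the component names and the advisory IDs are all invented placeholders, not real packages or CVEs.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX-style SBOM (illustrative shape and content; not a real vendor's document).
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "libexample",  "version": "1.2.3",
     "purl": "pkg:generic/libexample@1.2.3"},
    {"type": "library", "name": "fastjsonish", "version": "2.0.1",
     "purl": "pkg:generic/fastjsonish@2.0.1"},
    {"type": "library", "name": "tlswrap",     "version": "0.9.0",
     "purl": "pkg:generic/tlswrap@0.9.0"}
  ]
}
"""

# Constructed advisory feed in an OSV-like shape. IDs are placeholders, not real CVEs.
# "fixed": None means no patched release exists yet, so every version from
# "introduced" onward is affected.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "libexample",  "introduced": "1.0.0", "fixed": "1.2.4"},
    {"id": "ADV-EXAMPLE-0002", "package": "fastjsonish", "introduced": "1.0.0", "fixed": "2.0.0"},
    {"id": "ADV-EXAMPLE-0003", "package": "tlswrap",     "introduced": "0.8.0", "fixed": None},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '1.2.3' or '1.2.3-rc1' into a comparable tuple.

    Only the leading digits of each segment count, so '3-rc1' becomes 3, and the
    result is padded to at least three segments so '1.2' compares like '1.2.0'.
    """
    parts: List[int] = []
    for segment in version.split("."):
        digits = ""
        for ch in segment:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True when version lies in the half-open range [introduced, fixed)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    if fixed is None:
        return True
    return v < parse_version(fixed)


def load_components(sbom_json: str) -> List[Dict[str, str]]:
    """Extract the components that carry both a name and a version from the SBOM."""
    sbom = json.loads(sbom_json)
    return [c for c in sbom.get("components", []) if "name" in c and "version" in c]


def find_vulnerable_components(sbom_json: str, advisories: List[Dict]) -> List[Dict[str, str]]:
    """Cross-reference every SBOM component against the advisory feed."""
    findings: List[Dict[str, str]] = []
    for comp in load_components(sbom_json):
        for adv in advisories:
            if adv["package"] != comp["name"]:
                continue
            if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({
                    "component": comp.get("purl", comp["name"]),
                    "version": comp["version"],
                    "advisory": adv["id"],
                    "fixed_in": adv["fixed"] or "no fix available",
                })
    return findings


if __name__ == "__main__":
    for finding in find_vulnerable_components(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES):
        print(f"{finding['component']} ({finding['version']}): "
              f"{finding['advisory']}, fixed in {finding['fixed_in']}")
```

Against the constructed data this flags libexample 1.2.3 (below the 1.2.4 fix) and tlswrap 0.9.0 (no fix released), while fastjsonish 2.0.1 is clear because it is already past the fixed version. In a real review the SBOM would come from the vendor and the advisory feed from a vulnerability database; the same matching logic then gives a repeatable answer to "which of this supplier's components are known to be vulnerable", which is the evaluation the article describes.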
67% of business-impacting cyber attacks target remote workers.
44% of executives say their organization’s growing use of partners and suppliers exposes them to a major cybersecurity risk.
Safeguard Remote Work
With more companies embracing hybrid work, employees’ homes have become the new security perimeter.
Though many companies raced to strengthen endpoint security and implement secure VPNs at the pandemic’s onset, de Bont says their threat mitigation efforts must now evolve to include not just employees but also their families, given that home networks aren’t as protected as corporate networks.
Offering security awareness training for employees and their families, paying for the use of family password stores and offering antivirus or malware protection for home devices can all help protect a growing attack surface, de Bont says.
Build Tomorrow’s Cyber Workforce
Fierce competition for IT talent has led to ongoing workforce shortages.
To overcome this barrier, companies should invest in training and career development programs, says de Bont. For example, training programs focused on emerging security approaches such as Zero Trust and Secure Access Service Edge (SASE) can help security professionals keep up with industry standards.
De Bont says businesses should also adopt workflow automation tools to streamline key elements of their security program so that security and IT teams can focus on higher-value, more strategic work.
“If your security employees are doing the same repetitive, mundane task over and over again, there's a good chance they'll get sick of that and go find a job elsewhere that's more exciting,” he says.
Cyber Resilience Is Built On Collaboration
To successfully execute any of these strategies, de Bont says, everyone within an organization must view securing the enterprise as their collective responsibility. That means breaking down internal silos—especially those between security and IT teams.
De Bont says the most effective way to build empathy between these teams is to start with the “why,” as in why both innovation and security are key to organizational success.
Once security and IT recognize each other’s essential contributions to the company’s resilience and growth, they must work to understand each other’s unique objectives and collaborate to accomplish them.
“There is a happy medium…You can be successful within IT and be secure at the same time. It requires close alignment and an understanding that both sides are trying to provide value—and see the business succeed.”
Ben De Bont, Chief Security Information Officer, ServiceNow
46% of security leaders are investing in upskilling cybersecurity and IT staff.