Three lessons for maximising cyber security investments

CIOs should learn to speak C-suite to secure better resources

21 August 2024

High-profile incidents, escalating threats and cascading impacts have raised the C-suite’s awareness of the perils of poor security and resiliency practices. 

“Fortunately – or unfortunately – discussions around security and technology investment are becoming relatively easier,” Feroz Merchhiya, CIO at the City of Santa Monica, said during a CIO Dive live event. 

Merchhiya joined the City of Santa Monica in July and previously held a dual CIO-CISO title at the City of Glendale in Arizona. During his four-year stint, Merchhiya said a monthslong stretch of events illustrated the value of and need for investment in security best practices. 

Most CIOs don’t have to search far for the real-life implications of lacklustre security. Though the C-suite is far more informed about risk, tech leaders still have to show – and maximise – the value of cyber investments. 

“The overall requirement of operational resiliency and having that technology to support that resiliency doesn’t change whether you’re in public or private sector,” Merchhiya said. 

1. Beware the cost of emerging technology

Even with heightened awareness and focus on cyber, leaders are still accountable for making the most out of their resources.

“You have to be mindful of every dollar you spend, and in my mind, there’s no secret sauce to figuring out how to maximise the value,” Merchhiya said. But it starts with being realistic about what the business needs. 

“Look at your assets that you have available, see what they deliver for you,” Merchhiya said. “Because as a technologist, we do get attracted and enamored by new and emerging technology.”

There’s a time and place for introducing emerging tech, but that shouldn’t be the automatic next move. Cross-referencing tools to use cases will help uncover gaps and app sprawl. The process will also assist in determining whether a new tool or technology is necessary. 

2. Educate the C-suite

“There are a lot of things that can be handled by simple, basic cyber security hygiene,” Merchhiya said. 

While C-suite leaders craft goals, tech leaders are tasked with knowing how to get an organisation's tech stack to that next level. Sometimes it requires an internal culture shift that CIOs can shepherd.

Engaging the C-suite can take different forms, from highlighting market changes or challenges as they arise to building relationships. Organisations that have a legacy mindset, which Merchhiya characterised as a reluctance to change, will require more coaxing if policies or practices should be updated. 

3. Consider the return on investment 

“Education goes a long way when you go back in during budget conversations and ask for investment, because they understand the context,” Merchhiya said. 

Tying investments back to a return on investment analysis will also present a stronger argument for more resources. Tech leaders should work to clearly understand and explain how tools or capabilities prevented breaches, mitigated risks or expedited recovery. 

“Each organisation will have those opportunities in the context of their operating environment, and they have to do that,” Merchhiya said. “But it’s a concerted effort to have to spend time in presenting that benefit … so that your business partners can understand what your investment is delivering.”
