Where strategy and security meet: the formula for success

Successful businesses have a common denominator: the ability to translate critical insights into business value. Organisations need to find and capitalise on the differentiators that set their business apart. Increasingly, that’s being driven by technology, which plays a fundamental role in helping industries transform and adapt to industry and economic pressures. 

In this mix, security simply cannot be a roadblock to the rapid digital transformation needed for companies to remain competitive. It needs to act as an enabler in the world of modern remote and hybrid work, which is characterised by computing in the cloud and users connecting from anywhere, at any time, and on any device.

This means placing security at the core of business strategy and part of the DNA and fabric of the organisation. Business leaders in SA are recognising the importance of security strategy and are prioritising either the creation or extension of such as a business imperative. 

The recent IDC Cybersecurity survey commissioned by Microsoft, for example, showed 40% of business leaders identified strategy as important for upping their security posture and driving overall security transformation. These findings were part of a broader recognition of the need to invest in skilling, building a security culture to improve the understanding of security’s value to the business, as well as driving security awareness.  

More than half — 53%— of SA business leaders said skilling is a critical need to increase technical knowledge of cybersecurity, and 49% said they were prioritising building a security culture. This is going to become an even greater priority as the threat landscape continues to evolve, becoming more diverse, complex and sophisticated — and as the volume of threats continues to grow exponentially. 

IDC’s Cybersecurity research showed that 50% of business leaders are concerned with the consequences of possible security breaches. More businesses are adopting the Zero Trust model as a guiding security strategy, which assumes breach as a  prevailing principle; cyberattacks are now a case of when rather than if. 

As the pressure mounts for businesses to secure their entire computing landscape end to end, business leaders need to build a company culture that makes security the golden thread running through business strategy and informing business decisions.

Investing in end-to-end security through people, process and technology

Marrying strategy with capability to drive business value requires investing in the right combination of people, process and technology. What this means is that the technical and cultural side of security needs to be prioritised and evaluated equally: organisations can have the most sophisticated technology and comprehensive processes in place to monitor, detect and respond to breaches — but if a person gives their password away or clicks on a phishing email, it makes attacks easier and it becomes more difficult to protect the organisation.  

This is where strategy, skilling and culture come in to address the people side of the equation. Investing in skilling through both internal and external training courses can help ensure an overarching culture of being security aware and trained to keep pace with the evolving threat landscape. This could include businesses carrying out spoof attacks, such as sending out phishing emails to employees, and then identifying where further training is required. 

These efforts around security strategy and culture need to be matched equally by an investment in technology and process. The increasing number of modern businesses moving to the cloud means they are investing in cloud transformation and security as a business strategy.

According to the IDC research, cloud security is a top priority for investment for SA business leaders, with 28% of leaders stating they will move to the cloud to address security priorities.

This is because cloud security is automated and intelligent with a growing pool of automated tools and solutions that businesses can add to their security arsenal to enable intelligent, pre-emptive and real-time monitoring, threat detection and incident response. 

Many of these solutions — which use intelligent tools such as artificial intelligence to monitor the organisation’s computing environment, and then pick up, triage and act on incidents before they happen — serve as a single pane of glass through which businesses can look at and protect their environment end to end.

These tools enable security professionals to focus on security strategy and culture rather than sitting behind a computer watching and managing incoming signals that indicate attacks or zero-day vulnerabilities.

And this is good news for businesses. The sheer volume of incoming signals (Microsoft alone monitors 8-trillion every day) as well as the sophistication of the modern threat landscape, indicate that it would be near-impossible for an individual to be able to adequately protect the business.

The rapid evolution of how businesses operate, and the threat landscape this opens up for them, means security is going to become more critical — and that it has the potential to act as a competitive edge for businesses.

About this author: Colin Erasmus is modern workplace and security business group lead at Microsoft SA.

This article was paid for by Microsoft.