Read time: 5 minutes
The kHUB Curator Team members have each been assigned a BoK section to own. This includes seeking, editing and sharing content related to that section. The curators are also sharing their perspective of various sub-sections of their chapter and contributing personal examples, experience, or related articles corresponding to the subject matter.
Chapter 1 – Strategy Insight
Cybersecurity as Part of Your Product Development Strategy
Every day we hear about companies with data breaches, websites shut down by cyberattacks, viruses infecting corporate computers and ransomware demands. Cyberattacks are becoming more sophisticated and frequent. Threats exploit the increasing complexity and connectivity of critical infrastructure and systems. With world tensions these issues have intensified. From a strategy perspective how do you deal with this?
One area to consider adding is a cybersecurity strategy. A cybersecurity strategy is a high-level plan for how an organization will secure its business, protect its assets and data, and minimize its risks. The most effective cybersecurity strategy covers both how to prevent attacks and what to do if attacks happen. It needs to cover both internal and external threats. There may also be specific threats to certain product strategies and/or threats that cross product development areas. The plan requires an integrated approach across the organization.
Steps to develop a cybersecurity strategy:
- Analyze the present situation: Before you do the strategy, find out where you are today.
- Understand the present environment. Review any recent cybersecurity incidents. Are plans in place to ensure each of these incidents do not happen again. What would be needed to do that? Evaluate the present technology, tools and the people involved in your security organization. Does what you have today meet today’s needs?
- Do a risk assessment to determine how much risk your company is taking today.
- Understand how the threat landscape is changing over the next few years. A cybersecurity strategy needs to understand the threats that are pertinent to your organization especially those that are new and evolving.
- Do a gap analysis and performance assessment as you would for your product lines to see what could be done in the future in each area.
- Decide what needs protected: Cybersecurity is more than protecting data. As we have connected our supply chains, automated our manufacturing processes, and moved to hybrid workplaces, the vulnerabilities and threats have increased. Ask: What needs protected? How are we protecting it? Who is responsible for this? How does this change as our business and corporate strategies evolve?
- Create a risk management plan: Risk, reputation, compliance, and business continuity are important factors in your planning. Develop a way to think about risk and uncertainty in this area. Look at different scenarios and what they mean to the business. Also, some businesses have compliance rules and regulations to follow. Take these into account in the risk assessment.
- Define goals: Understand your target goal state for this area. You need to strike a balance between cybersecurity and resilience and business objectives. Develop multiyear goals.
- Develop the cybersecurity strategy: Although the IT organization might be the ones who develop the cybersecurity tactics, having an overall corporate plan and strategy is key. This should be a multi-layer multi-department approach. Although most people in the strategic planning process will not be cybersecurity experts, they need to understand the attacks, scams and frauds that might put their departments and plans at risk.
- Prioritize what is most important to do when. The strategy should cover security at the workstation, personal device, operating system, software and application, data center server/storage, cloud infrastructure, and network levels. Your employees are also a crucial part of the plan. Understand how people are involved and how their actions might impact the plan.
- As your company enters new businesses and develops plans to be more efficient and effective, the cybersecurity threats and risks may change. Make sure the cybersecurity strategy supports the overall strategic plan.
- Do a multiyear high-level security roadmap that includes the steps and milestones to reach the goals.
- Develop the funding and resource plan to support the roadmap. Make sure there is enough investment in equipment, tools, training, and people to ensure the company can implement the cybersecurity strategy.
A cybersecurity strategy can help your organization be secure and safe while meeting your business objectives. By aligning your cybersecurity efforts with your business and product development strategies, the organization can achieve better business outcomes. To help you do this, here are some resources that might be useful.
Resources
About the Author
Rose Klimovich is Visiting Professor of Marketing and Management at Manhattan College in New York. She is also a Digital Marketing and Strategy consultant to small businesses and entrepreneurs.
Formerly, as the Vice President – Product Management and Product Marketing for Telx, Rose Klimovich created the Telx business strategy and developed the investment plan for new products and services in areas including colocation, cloud, Ethernet, and video conferencing. Rose’s team supported vertical markets including Financial Services, Media and Service Providers.
Prior to this, Rose was the Vice President of Business Strategy for AT&T, responsible for strategy development and investment decisions in new markets and technologies. Rose has more than 20 years of experience and achievement in designing, scaling and managing Internet, VPN and data businesses. Rose led AT&T to the #1 share position in VPN and to a leadership position in Internet Services.
Rose has an MBA and a BS in Math/Economics from Carnegie-Mellon University. Rose is Joint Chairperson of the Board of Directors of the Women’s Venture Fund.
Related Content:
#cybersecurity-strategy
#security-goals
#product-development-strategy
#Strategy