Mo Ahddoud: “Why good cybersecurity is a key asset for business”
James Thorpe
Share this content
When it comes to cybersecurity, there are plenty of misconceptions. One of the biggest is that cybersecurity is of medium or low priority and responsibility for it lies at a day-to-day, operational level. This is arguably the most dangerous misconception out there.
Through this series of articles and masterclass videos, Chameleon Cyber Consultants will examine what a strong cybersecurity strategy looks like and how to build one through informed investment from the board level down.
These articles draw on CEO Mo Ahddoud’s 25 years of cybersecurity experience to explain the logic and common mistakes he’s seen in corporate cybersecurity, while our downloadable guide offers you actionable advice to improve your own strategy.
This article starts the series by exploring why cybersecurity needs to form part of an organisation’s high level, strategic planning.
The risks of inadequate cybersecurity
Our businesses are part of a world that’s more connected than ever – and that comes with risks. Even though we began to return to normal after the COVID-19 pandemic, 2021 nevertheless saw a 50% increase in attacks on corporate networks compared to the year before.
The trends we’re seeing suggest that no business is safe from cyber criminals. While the manufacturing industry was the most targeted, finance and insurance, professional and business services, energy, retail and wholesale and healthcare were all listed among criminals’ frequent victims.
As individuals and organisations, we can’t do much about criminal activity – it’s likely to occur regardless. So, we focus on things we can control, and it turns out, one of the biggest dangers facing business is our own misunderstanding of cybersecurity.
Why cyber isn’t just a tool or a project
Another big misconception is that cybersecurity can be ‘achieved’ through a discrete project of work. There are no off-the-shelf solutions for securing your business. It takes understanding of a business in its entirety to identify risks and work to mitigate them.
There’s no end date where you can suddenly say “my business is now secure”. It’s all about getting to a level of risk that you’re comfortable with and having a plan to respond to incidents when necessary.
How cyber supports business strategy
Security and compliance decisions need to be made at the highest level. Boards understand the scope of data an organisation deals with and can classify it appropriately.
For instance, marketing data needn’t be secured in the same way that personnel files are. The same is true for supply chains – IT staff might struggle to fully capture and understand an organisation’s supply chain, while executives can offer key insights.
Gartner Vice President and Analyst, Paul Proctor, notes that cybersecurity incidents are failures of decision making rather than technology. This is part of the reason why cyber decisions are often business decisions rather than tech decisions.
I compare cyber to a more universally recognised function, sales, in the video below.
In many cases, preventing every single breach may not be possible. Instead, reducing the risk and ensuring the business can recover from an incident is how investment in cyber proves its worth. As with any risk management activity, it is a balancing act between how far the risks are mitigated and the costs of doing so.
Cyber is ongoing
Looking closely at the nature of cyber-threats and cybersecurity, we can see even more clearly that considering cyber a one-time project is futile. As your business changes, the way you collect, use and store data may change.
Those modifications come with new risks. The way employees access your network might change, like we saw drastically during the pandemic. That has its challenges.
But not only does your business evolve, so does the threat landscape it’s facing. Criminals aren’t resting on their laurels; they’re out there looking for new ways to attack organisations. This means that a solid cyber strategy looks at the present and the future to ensure organisations are secure, can recover from incidents and can continue adapting to the latest threats.
This is the reason why, when we work with a business, we consider security strategy to be a live document. It’s something we constantly refer to, review and improve with the aim of staying in touch with what’s out there.
Make the case for cyber in your organisation
Your competitors are taking cyber seriously and you should too. But what does building cybersecurity into your strategic planning look like?
At Chameleon Cyber Consultants, our mission is to help businesses understand and manage cybersecurity risks through adaptable strategies that match the evolving threat landscape. We support customers to achieve commercial objectives whilst remaining secure and compliant without unnecessary expenditure.
Those aims led us to create our strategic planning action guide for cybersecurity. This downloadable manual is full of actionable ways to embed cyber in your business’s overall strategy and ensure you’re ready for anything.
