Page 189 - Cyber Defense eMagazine April 2023

               •  Convey your risk philosophy.
                       o  We can’t eliminate risk, so we rely instead on experience and intuition that inform a
                          strategic hierarchy of vulnerabilities and philosophies that drive remediation strategies.
                       o  Convey a pragmatic strategy that identifies the company’s unique threat landscape and
                          what types of attacks it’s likely to face.
                       o  Make sure to communicate what factors can be controlled, what risks the company is
                          willing to take, and how those decisions are made.

               •  Incorporate the supply chain
                       o  Work with all supply chain partners to ensure they meet your security standards and that
                          you meet theirs.
                       o  Commit to each other and to your mutual customers and stakeholders that you adhere to
                          the highest standards and best risk management practices along physical and digital
                          supply chains.

               •  Leverage a multi-pronged communication approach
                       o  Prepare PR, IR, and legal teams to move with every incident. Collaborate using the
                          Trust Center to develop a “damage report” process that makes sense of breaches when
                          they happen and communicates remediation strategy in real-time.
                       o  Integrate security posture into periodic financial reporting. After one of history’s worst
                          identity thefts in 2017, Equifax bounced back with a corporate overhaul, including an
                          annual report that specifically communicates and elevates security as an investor value
                          proposition.
                       o  Confirm to the board of directors that security costs for tools and controls can translate
                          into platform-enabled, seamless systems that deliver better financial performance.
                       o  Integrate Trust Center content into sales team materials and communications. If
                          presenting the company for acquisition or future financing, incorporate security culture
                          and updates into your pitch deck.




            Circle of Trust

            All stakeholders want confidence in their relationships and within their spheres of influence. No one wants
            to buy from or do business with companies they can’t rely on. No one can afford to buy and hold the
            assets of a company – or allow that company to acquire or merge with another – without an enhanced
            level of trust in today’s cloud-exposed environments.

            Management must re-calibrate security and trust as bedrock business principles and prioritize
            transparency and cyber integrity throughout all enterprise communications.













