14 Oct 2022
by Mark Brown

Achieving organizational resilience through digital trust (Guest blog by BSI)

Guest blog by Mark Brown, Global Managing Director, Digital Trust Consulting Services at BSI #Cyber2022

In today's interconnected world, everything from plant equipment to safety and emergency systems can be accessed remotely. This creates inherent risk and vulnerabilities that can be exploited by cyberattacks. To counter this, organizations should understand the impact of digitalization on their people and ensure they are trained to protect and secure the integrity of digital systems, platforms, and hardware. Given the mass migration to remote and hybrid working over the last two years, this task takes on even greater significance. In general, businesses need to do far more thinking about how technology, innovation and collaborative working can improve organizational resilience. If digitalization didn’t exist, operational resilience could not have happened in the way it has.

The journey to digital trust

Digital trust is a critical part of ensuring your organization’s reputation and resilience, and it is fast becoming a core part of corporate culture. Failure to implement and embed deep digital trust will undermine information and organizational resilience. When it comes to protecting information, trust is our most valuable ally. Businesses recognize the scale of the digital transformation upon them—everything from cybersecurity and information security to AI, where the ethics are at least as important as the software.

Tearing down the walls

The world is at an information resilience crossroads. Information security has traditionally been a compliance topic driven by sector-based regulation, national regulation, or stock market-listing compliance rules. In other words, organizations have traditionally focused on security because they have to, but few have understood the benefits, and most have only counted the cost.

Today’s reality is that digital transformation and Industry 4.0 are happening. We’re seeing a frenzied rush to cloud adoption. Information resilience is no longer just about security; it’s about whether organizations making multimillion dollar investments in technology can trust that it’s going to deliver as intended, whether teams are going to embrace these new technologies and new ways of working and whether suppliers are going to provide a trusted digital ecosystem.

Investing in the cyber castle

Organizations are putting significant funding behind their efforts to make their cyber fortresses impregnable. However, organizations face tough investment decisions and must adapt from traditional compliance mindsets to balanced risk management decisions. The boundaries of an organization have all been torn down. In 2022, information resilience is all about harnessing how companies can leverage digitalization to enable their business going forward. Not so long ago, it seemed the value of a business was approximately 80% based on its tangible assets and 20% based on intangible assets and goodwill. That has now flipped completely, and a significant proportion of that intangible asset is the information around its product, its customer, and its unique differentiators to gain market share. If you lose any aspect of that information privilege, the value of your company reduces.

Taking the right steps

It is against this backdrop that information resilience and the establishment of digital trust through detection, disruption and deterring cyber adversaries is now a key organizational resilience priority. Addressing it, however, is not straightforward. Smaller companies that lack internal IT expertise are putting their faith in global supplier giants such as Microsoft, AWS, and Google, but there is a sense that storing and processing data in the cloud is based on an expectation of a safe, secure ecosystem. Companies should validate these expectations through supply chain controls, such as SOC2 reporting, which ensures that the controls included are in place and operate effectively.

Larger organizations should continue the trend of reworking information security management at a corporate governance level. More should be invested in information security training, and companies should clamp down on the use of software or platforms that have not been vetted and sanctioned centrally.

Original source: https://www.forbes.com/sites/forbestechcouncil/2022/09/19/achieving-organizational-resilience-through-digital-trust/?sh=3d87841111e


Help to shape and govern the work of techUK’s Cyber Security Programme

Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.

*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.


Upcoming events 

Cyber Innovation Den

On Thursday 3 November, techUK will host our fourth annual Cyber Innovation Den online. This year we’ll explore efforts being made to realised the ambition set out in the National Cyber Strategy, with speakers taking a look at the progress we’ve seen to date, including the foundation of the UK Cyber Security Council, the reinvigoration of the Cyber Growth Partnership and the continued growth in the value of the sector to the UK economy.

Book now!

Cyber Security Dinner

In November techUK will host the first ever Cyber Security Dinner. The dinner will be a fantastic networking opportunity, bringing together senior stakeholders from across industry and government for informal discussions around some of the key cyber security issues for 2022 and beyond.

Book now!


Get involved

All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.

lock-tech-security-web-training.jpg

The Cyber Management Committee sets the strategic vision for the cyber security programme, helping the programme engage with government and senior industry stakeholders.

Office-working-laptop-196947631-web-1500px.jpg

The CSSMEF is comprised of SME companies from the techUK membership. The CSSMEF seeks to include a broad grouping of different SME companies working in the Cyber Security (CS) sectors.

 

 

Authors

Mark Brown

Mark Brown

Global Managing Director, Digital Trust Consulting Services, BSI

Brown has over 30 years of experience in cybersecurity, data privacy, and business resilience consultancy. He has previously held roles at Wipro Ltd. and Ernst & Young, among others. His wealth of knowledge includes extensive proficiency on the internet of things (IoT) and the expanding cybersecurity marketplace, always focusing on cybersecurity’s strategic enablement and risk protection elements.