Winning the battle against cyber attacks of all kinds comes from taking a strategic, innovative and proactive approach to cyber security. As I explained in my previous post, a joint study between Accenture and Ponemon Institute LLC revealed that Leapfrog firms (those that excel at security effectiveness) differ dramatically from Static firms (those that lag behind) along six themes or dimensions of cyber security. Choosing which model to follow can make all the difference in reducing your firm’s likelihood of suffering from a cyber attack. [1]
Six themes of differentiation [2]
Firms that want to boost their security effectiveness can take a lesson from the Leapfrogs on how to better prepare for and respond to ever-increasing cyber threats. Read the descriptions below to learn how Leapfrogs protect their organizations in six key areas, then think about how your firm stacks up in comparison.
1. Innovation and strategy
Leapfrogs value security innovation. In collaboration with other entities, these firms seek out new approaches to emerging problems, rather than relying on existing technologies—which is more typical of Static organizations. Leapfrog firms also embed security strategy into business strategy, basing strategic decisions on risk management and allocating the necessary resources to be proactive and innovative. Outsourcing is often a component of their security strategy, fostering faster security function maturity. For Leapfrogs, security is viewed as a business facilitator.
2. Responding to threats
Leapfrogs are proactive in addressing major changes to the threat landscape—continually adapting to new developments. Training and awareness programs that empower employees and the adoption of sophisticated monitoring tools are examples of techniques these companies use to stay ahead of evolving threats. Static firms, on the other hand, take a more reactive posture—sticking with existing solutions.
3. The CISO role
While both Leapfrog and Static organizations have a chief information security officer (CISO), in Leapfrog firms the CISO plays a much more strategic and empowered role—with a direct channel to the CEO and a strong voice in defining strategic direction. CISOs in Static firms have much less influence and are lower in the organizational hierarchy.
4. Governance and control
Leapfrogs excel at governance and measurable control, going beyond the regulatory and standard operating procedure perspective of Static firms to implement disaster recovery and business continuity management processes. Advanced governance practices are standard fare in Leapfrog firms, and security initiatives are supported by comprehensive security-based metrics.
5. Security technologies
Leapfrogs have specific security technology preferences and embrace innovation and disruptive solutions that help secure the network and the cloud. They favor feature-rich solutions that can pinpoint anomalies in network traffic; prioritize threats, vulnerabilities and attacks; curtail unauthorized information-sharing; and enable perimeter controls. Static firms tend to focus on device-related security precautions that often limit business growth.
6. Investing in security
Unlike many Static firms, Leapfrogs have a dedicated security budget that includes funding for innovation—a Leapfrog priority.
The preparedness payoff
Leapfrog-style preparedness for cyber threats can pay off substantially, as you’ll see in my next post—where I’ll give you a glimpse into some probabilities that could give your firm a needed push into leapfrogging.
For more details on making the cyber security leap, please see:
The Cyber Security Leap: From Laggard to Leader
References
- [1] “The Cyber Security Leap: From Laggard to Leader,” Accenture and the Ponemon Institute LLC, 2015. Access at: https://www.accenture.com/us-en/insight-cybersecurity-research-report
- [2] Ibid.