Over the last couple of decades, companies have expanded their digital presence by fostering technology innovation. As a result, they are able to deliver a variety of services, and reach more stakeholders with the same amount of effort and at a lower cost. Phones, computers, and other connected devices serve as a platform for delivery of services that weren’t considered before. More importantly, companies gained the ability to better understand their stakeholders’ needs. While this has brought a lot of new opportunities to scale, it has also brought many challenges to companies to protect their assets and stakeholders. There are new and more innovative ways to attack companies; meanwhile, companies are struggling to protect themselves.
In the past, security focused on physical security to protect the company within close geographical proximity. Today, our neighborhood is no longer a local district, but the entire globe and “security” has become one of the fastest growing and developing fields. Information technology is not only about software that enables a company; but rather, software that enables a company in a safe way. Information technology requires professionals to stay on top of the evolving threats of the cyberspace in addition to constantly innovate and challenge themselves to keep up with the ever evolving stakeholders’ demands. Companies need not only more security products to protect themselves; but at the same time more secure products. By building or acquiring secure products, increasing organizational efficiency and coordination, and enabling high performing technology for operations, Information Technology and security teams shape secure products, customer experience, and services without compromising either speed to market, or functionality.
"In today’s industry, there is a greater need for secure technology. Therefore, IT and security teams should not only have to focus on software, but rather-secure software"
Trust and security are now at the center of competitive differentiators. The biggest threat for an organization is failure to uphold agreements and keep valuable assets safe. For this reason, we developed the Group Security Strategy which reshapes the way we think about Security. We now focus not on notions, such as ‘Information’, ‘cyber’, or ‘physical’ describing security, but on delivering Security. We are on the road to establishing an intelligence-led defense resting on adequate cyber hygiene, physical and cyber security controls, and working alongside partner institutions. This has increased organizational efficiency, closed coordination gaps, provided better visibility, and enhanced overall resilience.
By being a 325 years old institution, we learned that a strong Group Strategy should be continuously adapting to new challenges and be supported by strong implementation. Large organizations are composed of employees, stakeholders, physical locations, technology infrastructure, third-party providers, etc. However, institutional changes affect an organization by directly impacting two or more and indirectly all of these components. For this reason, in order to effectively implement a security and technology strategy in a large organization, executives should account for often disjointed nature of the technology infrastructure, locations, and have a holistic approach to better implement and adapt to changes.
It is time to adopt institutional changes that both fit technology and business units. By embracing operational changes and new technology, we will be able to innovate across the organization and reduce communication gaps between technical and non-technical employees.
Teams should focus on creating a comprehensive and robust technology strategy that takes into account the company’s specific infrastructure, talent pool, and security risks it faces. The strategy is not about innovating as fast as possible, but rather to always innovate while remaining secure. This strategy should also include effective recovery and business continuity strategies in the case of a data breach or security incident. The strategy should support the overall business objectives. Many companies find it a better investment to fund preventative measures rather than attempt to recover losses.
Security and IT teams should not be the only teams that are aware of how the technology that enables their business works. Companies can help prevent inefficiencies and cyber security incidents by raising awareness in addition to educating employees on the company’s technology strategy. Companies should also organize regular trainings to keep employees knowledgeable, vigilant, and invested in the company’s technology, and provide employees a platform through which to voice their concerns and questions. In the same vein, businesses should not look at cyber security as a separate technology entity, but should seek to integrate it into business operations and the company’s risk management framework.
In today’s industry, there is a greater need for secure technology. Therefore, IT and security teams should not only have to focus on software, but rather-secure software.