In episode 40 of the Growth Swarm podcast, John Siefert, Bob Evans, Tony Uphoff, and Scott Vaughan discuss cybersecurity as a business enabler from the CEO perspective, the CMO perspective, and the industry perspective. In particular, they discuss how practitioners need to both embrace the “cybersecurity as a business enabler” premise and also follow the rules that go along with it, in order to, in John’s words, “make sure that those things actually come to life.”
To hear practitioner and platform insights on how solutions such as ChatGPT will impact the future of work, customer experience, data strategy, and cybersecurity, make sure to register for your on-demand pass to Acceleration Economy’s Generative AI Digital Summit.
01:49 — John asks Scott to discuss access control and governance in the context of frameworks.
02:02 — While customers and partners need access to it, we still have to be careful who can get in and have a plan to control it, Scott says. The data is only useful if it’s accessed by the right people at the right time. The framework for this has evolved; it’s not just about protection anymore, but also offense, and it needs to be built in from the get-go rather than adding it on later.
03:17 — John asks Tony to comment on some ideas raised by Rob Wood in recent reports about connecting the dots among chief data officers (CDOs), chief information officers (CIOs), and chief information security officers (CISOs).
04:23 — Tony says that cybersecurity has moved from defense to offense, providing secure access to customers and employees with the aim of growing business, and CEOs need to understand this. The attack surface has expanded with cloud-based apps and third-party applications, which can create cybersecurity risks, but a smart cybersecurity strategy that broadens the purview to consider new areas of risk can help businesses grow, while still protecting data.
07:10 — John references Frank Domizio’s recent analysis on starting the journey to develop a zero trust architecture that takes data priority and access into account. Constant monitoring and analyzing of the setup is important, and this can be addressed with automation and AI tools. Bob is asked for his thoughts on the topic.
09:16 — In 2023, Bob says, C-suite leaders will have to identify the top three areas of cybersecurity risk and show what they’re doing to address them, not just leave it to IT or security teams. Non-tech executives need to fully understand the issues and the way they weave together on both the defense and offense side, and likely we’ll be seeing more of that this year. Those who can’t adapt don’t deserve to be top business executives in a data-driven business.
11:01 — As a senior executive, it’s important to know and tier what the most critical data is, and comply with federal regulations based on the industry you’re in. John agrees, and references recent analyses by Frank Domizio, Rob Wood, and Chris Hughes that emphasize this.
11:49 — Scott talks about how the TikTok CEO recently referenced playing defense and the importance of cybersecurity, given that there are more than nine million apps on Chinese servers. Cybersecurity needs a proactive plan, strategy, and framework, just like ESG.
12:51 — John cites some recent research from security provider Lookout on phishing attacks, which are becoming more sophisticated and commonplace, even in everyday activities like scanning a restaurant’s QR code. Employees using the same device for critical financial data and everyday no-security-required activities can increase business exposure. To get out in front and make cybersecurity a business enabler, it’s important to pay attention to research and best practices. John asks each person on the team to share their one tip for cybersecurity.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
14:31 — When it comes to cybersecurity, leaders should shape, not just define, the culture of their organization, says Bob. Taking an active interest in the topic will encourage the team to be more prepared and ready to handle potential breaches. Slogans alone won’t suffice; people like what you do, not what you say.
15:13 — Business technology buying committees are broadening, with non-tech C-level titles actively engaging. As such, says Tony, C-level executives can’t assume others are taking care of cybersecurity and therefore must take responsibility as sponsors and actively involved leaders.
17:10 — Scott recommends that IT and data ladders use seminal moments like the TikTok CEO’s recent comments to elevate and drive conversations across business and technology leaders. These moments can be used to show the ramifications and translate what they mean for the business.
Want more tech insights for the top execs? Subscribe to the Leadership channel: