BUSINESS INSIGHTS
commercial team. Consequently, this approach has facilitated more meaningful conversation when we talk about IT risk.
As organisations increasingly realise the significance of a robust defence strategy and allocate resources to safeguard their digital assets, how would you suggest initiating a well-rounded investment plan?
It is vital to understand your risk profile before you formulate a strategy. Even if the cybersecurity programme is new or has previously existed, a rigorous approach is needed. This can include a risk assessment which many cyber-risk professionals use as a starting point. I would encourage a data-centric conversation that revolves around protecting your most creative assets such as customer or employee data that flows through your organisation.
The first step is having a complete understanding of the digital assets you are protecting and performing gap analysis. For example, in the past cyber teams would buy products and have a plan to implement them within a specific timeframe and budget. The questions those IT teams should be asking are: Are those the right products and what problems are these products solving? The value of independent thinking is critical. You should evaluate if the product is the right fit for the organisation by assessing exposures and planning.
The second part is acting on the plan of action and being patient. You need to consciously produce a return on investment back to your business owners. This is an area I have been working on with our board over the last four years. A diligent process is required here with trends being analysed every quarter which can shield investments. These reports reveal gaps and how that enables businesses to do more and reduce the security risks. Having this cost analysis data which goes beyond the cyber data increases the odds of success.
In the realm of assisting governments, boards and organisations, how does Diligent help in tackling prevalent IT challenges? Could you outline the range of solutions you provide to your clients?
Our unique competitive advantage is getting the data to the right eyeballs. It is important to explore different types of data. Regarding machine data, this is operational and needs to be analysed, presented and reviewed by the risk owners. However, at the board level, this data may be too nuanced giving unnecessary details. Most of the board functions are an oversight by a governance and they're operationally direct.
Diligent solutions have been specially designed to present high-level risk conversations or risk themes using the machine data produced at an operational level. Crucially this is performed in our platform and that is where the true value of this applies. For example, I am currently preparing for our Q2 risk committee meeting. Three years ago, PowerPoint would be my go-to software and I would have asked the team to provide the data. Today I can take advantage of the Diligent dashboard which is close to real-time board-level information allowing me to work off the latest updates. The power of our solution is mobilising the right information and translating it into meaningful conversations. This knowledge transfer is fluid meaning it can start with the board and finish at the operational level or can be moved in any other direction.
How do Diligent’s solutions make a difference to security decision-makers over other competitors?
The market is not lacking in risk management software solutions. I worked in the banking industry for 20 years and today you see solutions at various levels including enterprise, new commerce and SASE providers. The Diligent solution is focused on pulling real-time data and our continuous monitoring allows us to have a mature impact on operations and use the data to drive risk themes with resellers. The risk owner is an important concept because without them, it is not possible to formulate risk reduction actions due to the amount of effort it requires. The responsibility of fixing these configurations and vulnerabilities goes beyond the IT team and the conversation is framed differently.
All organisations face challenges dealing with vulnerabilities because they are dynamic and occur frequently. Could these vulnerabilities relate to resources, meaning we lack the correct people or the money to procure the right solution? By people I mean our employees and our contractors, do they care about maintaining a secure environment through due care and due diligence? The vulnerabilities could also stem from the process. Here we have the right people with the right technology, but the process is creating more hurdles for ourselves. By using our product, you can bring the right message to the right risk owner at the appropriate time.
How do you anticipate the role of CISOs evolving in the future?
The role is always evolving and when I became CISO 10 years ago it had already transformed dramatically. The trend has been an increase in IT transformation alongside cyber-risk. For example, AI could be both a productivity enabler and a software company that enables its features to support our customers. The CISO shift has needed to move from IT risk owner to having a trust conversation with the right audiences. The top CISOs are now able to articulate complex IT issues and align them with the business objectives, they understand that a single security solution or strategy is not going to be 100% secure.
It is about having deep knowledge of your product strategy and corporate risk and going beyond the realm of data and IT will better support businesses. The biggest challenge for CISOs is to adapt their mindset, align with the business, listen to risks and instead of saying ‘no’, provide a collaborative solution with their business partners.
www.intelligentcxo.com