How do you frame the impact of digital resiliency to your C-suite?

Anonymous Author
The foremost tenet of digital resiliency is cybersecurity, because we've seen massive cyber attacks on the supply chain of multiple firms affecting true commerce. As companies move fast and digitally transform their business, security gets left behind, but it needs to be everybody's initiative. Both security and resiliency must be job one for everybody; I don't care what your role is. Because however much revenue was generated from digital transformation, it can be dialed back from lack of resiliency, via ransomware, etc. That’s what happens when companies run fast with scissors. Digital resiliency is about moving smart.
3 upvotes
Anonymous Author
I try to deal with it within my own ecosystem. To the extent that I can be self-sufficient in terms of digital resiliency and build in whatever safeguards I need, I insulate myself with the understanding that things happen sometimes and I'll have to figure out how to deal with them. I'm worried about ransomware as a whole, but I also have a backdrop of having a campus network that I'm on so I can partner with somebody else if an incident happens. Email is likely the first thing I'm going to hear about when it's out because either something didn't get through that should have or I got some obvious spam in my inbox. When I got to Anderson, I had a guy who spent half his job on security and instead I made a team of two focus on security full-time. Out of a several million dollar major initiative budget, I spent over half a million on security. I brought in Varonis, ripped out my secure email gateway and am finalizing a replacement such as Proofpoint/Mimecast/Cisco. I’m putting in Armorblox. I'm looking at products like Code42 so that I have endpoint immutable backups. I'm looking at Nutanix hyper-converged infrastructure with VM so I have immutable server backups. Any purchase I make goes through a campus local security review so anything we bring in the door has at least been vetted. Those are some of the fail-safes that we have in place organizationally. My model is a little different because I'm not as worried on a daily basis about order-to-cash or revenue.
2 upvotes
Anonymous Author
People say “software isn't perfect” but they don't really understand that until they live through the imperfections. I worked in cybersecurity software for 10 years, and at the end I was running global sales operations for business-critical support. So with the business applications lens, it’s ingrained in me that the first thought is a security review, especially if we're talking about Salesforce and their marketplace of third-party application providers. I've been in scenarios where they've passed the standard Salesforce security check—which is part of the prerequisite to get into their app exchange—but once they put that package into their environment, it's like a weed. It explodes and the things it touches and controls create a whole other ball of wax that you have to examine in terms of all those impacts. My particular view of security as it pertains to resiliency is that it's not just about protecting against cyber attacks or DNS issues, it's about putting all of your eggs in one basket. For example, I know of companies that have doubled down on Salesforce as their single platform to build their entire quote-to-cash lifecycle on. When the org-wide outage happened I was getting texts from people saying, "We're completely sunk. We can't transact or book business. Revenue is at a screeching halt." And as I look at applications that are newer, I ask: What is the longevity of this product? How is that going to impact our ability to transact business in a sustainable and scalable way over time?
3 upvotes
Anonymous Author
From a resiliency standpoint, you have to consider the term sustainability as well. Your business may not be sustainable due to various risk areas: you can't hire the right people, or you can't get fuel to run your trucks because you don't have network connectivity. A security failure is no different: Maintaining sustainability through appropriate security behavior is important. But security is its own problem space in an organization. I've read and created a dozen business continuity or disaster avoidance and recovery plans at varying levels of complexity. I don’t typically see plans written by others that include security posture, and security protections and recovery. Why is that?
1 upvote