‘Tone From The Top’: Cyber Security & Digital Transformation

Can Digital Strategy Mesh With Enterprise Security?

Dan Gunderman

The June 18 episode of “Task Force 7 Radio,” hosted by information security executive George Rettas, featured insight on deep-seated diplomatic tensions between the U.S. and China, and a discussion on security and ongoing digital transformations.

Rettas was joined by William Beer, of Ernst & Young’s (EY) Cyber Security Advisory Services. The topic of discussion was whether security enables or hinders these rapid digital advancements.

U.S.-China Relations

In the show’s opening segment, however, Rettas broached the topic of tariffs on Chinese goods entering the U.S. He said that China has continued to pillage America’s future through the persistent theft of intellectual property (IP). The practice, he said, continues, despite promises from the Chinese government.

Rettas recapped news reports of the Trump administration placing tariffs on $50 billion-plus worth of Chinese goods. It’s deemed “punishment” for the ongoing theft, Rettas opined. The “TF7 Radio” host called the practice of deceitfully lifting IP “a disgrace.”

The host also suggested that the policy echoes Trump’s “America First” strategy, but it is a required step to malign China for their practices. Rettas reminded listeners that the U.S. has an $811 billion trade deficit after the work of previous administrations, and so steps to remediate that must be taken. Rettas said that in response, China will target U.S. goods, cars and energy, and specifically go after Trump’s supposed base in the American Midwest.

Nevertheless, Rettas said, “I don’t see us backing down on this.” He added that Americans are sick of hemorrhaging large sums of money – and trade secrets.

Rettas also noted support on the tariff from lawmakers such as Sen. Marco Rubio (R-Fla.), along with Sen. Chuck Schumer (D-N.Y.).

Altogether, Rettas said, China likely aims to dominate next-gen technologies such as artificial intelligence (AI), robotics and quantum computing.

New Challenges

In the show’s following segment, Rettas spoke with EY’s Beer, who began discussing challenges associated with cyber security and digital strategy. He cited a recent EY survey suggesting that 67% of heads of digital strategy expressed concern or reluctance to proceed with initiatives because of cyber security. Beer called cyber “top of mind” for executives.

On what’s “disrupting” the space, the “TF7 Radio” guest said, “Folks talk about emerging technologies such as the cloud, blockchain and RPA (robotics process automation). I personally believe these technologies have already emerged.” He added that a current, and pressing, issue is quantum computing and the industry’s ability to maintain encryption controls once quantum computers proliferate.

With regard to RPA, Beer said that the challenges associated with it include scalability and performance. “Traditional ways we apply risk and control measures to cyber security are struggling to keep up with that pace of change,” Beer said. “The other thing: digital identities. What identity do you assign to RPA (which is) acting on your behalf? (The space is) struggling with these things, primarily: speed, scale and identity.”

People Problem?

On where most of the weight of the digital transformation – along with cyber security – falls, Beer said, “It’s less about the technology and more about the people… The key challenge is – for teams responsible for different parts of the solution (think security, privacy, fraud and then the digital teams) – how can they work together, share best practices, and be in sync when the organization launches a new digital service?”

He added: “In my mind, it comes down to the people, the culture.” He called the digital world “fast-paced” and “free-flowing” whereas, customarily, cyber security has focused on risk, control and checking. He asked: How do they sync up?

Further, to address some internal concerns, Beer pushed for leveraging “adjacent skillsets.” He said cyber security practitioners may need to “buddy up” with digital teams, to drive cyber to a place where it is “at the table” where important decisions are being deliberated.

‘Strategic Vision’

The “TF7 Radio” guest then said that to bolster security, many chief information security officers (CISOs) and others are “thinking about the bigger picture.”

“They’re not thinking about cyber security in isolation,” he said. “They’re thinking about convergence with fraud, privacy, resiliency, (and) all to (enhance) the user experience, to help support the relationship with an organization’s clients. It comes down to ‘tone from the top’ and strategic vision.”

As part of that vision, will cyber security infiltrate digital teams to see their goals through? Beer said that in cases like biometrics implementation, the cyber security “embed” could work. This means inserting them into the related space so they can become acclimated with the decision-making process from the outset.

The guest then quoted a line he heard at a recent European conference: “Cyber security teams need to get out of the suburbs, and get to downtown offices where the decisions are being made.”

Essentially, that means cyber must become more visible and part of executive decision making. There’s an opportunity to reverse the negative connotations associated with cyber, he added. That means: engaging with the business, marketing and public relations to help them understand how cyber security can drive overall growth.

He said “bidirectional comprehension” is something that can foster productivity.

Cyber Savvy?

Are all folks on the digital side “cyber savvy?” Beer said most likely not yet. However, he called for cyber security to be “scrapped from the agenda” and embedded in every section. That way, it will not be seen as a blocker, but as an “interlocked, integral part” of the digital discussion.

Part of the job of today’s CISO is recognizing these changing tides. The “TF7 Radio” guest said that moving toward 2019, 2020 and beyond, organizations will have to ask what the shape of their CISO must look like. Is that forward-facing and representing the organization publicly?

Beer said tomorrow’s CISO needs “gravitas, communication skills” and a mandate to speak publicly and openly about what an organization is doing around its security.

If the gap between security and lines of business (LOB) does not disappear, and relatively quickly, Beer said, digital teams may take it upon themselves to seek technology, controls and wider teams to bolster their efforts. Beer said it is cyber security’s opportunity to “step up fast.”

The "Task Force 7 Radio" recap is a weekly feature on the Cyber Security Hub.
