BT Ireland’s Michael McNamara helps leaders readjust their thinking so that cybersecurity is always baked into their business plans.
Throughout this week on SiliconRepublic.com, we’ve heard from several professionals working across the cybersecurity industry, from cyber risk analysts all the way up to security leaders.
One unifying message that has come through from all of these experts is that having a strong cybersecurity mindset within any business is key to ensuring your organisation is as prepared as it can be as the threat landscape continues to grow.
It’s all well and good knowing that you need a strong security mindset, but what does that actually look like and how can you ensure both you as a leader and the rest of your team start thinking with cybersecurity baked into your plans?
Michael McNamara has been leading security and compliance in BT Ireland for the last five years. Before that, he worked in the wider BT group as security, risk and governance lead with teams in Dublin, Belfast, UK and India.
He shared his top tips on how leaders can change the way they think and get into the right headspace to ensure cybersecurity is top of mind while helping to dispel some common misconceptions leaders may have.
Know what’s important
As we heard from Aon’s David Molony, companies now have to demonstrate “a coherent risk-management strategy” to obtain coverage from cybersecurity insurance providers.
Having a strong risk-management strategy requires a strong cybersecurity mindset and, according to McNamara, this means leaders need to understand what’s most important to the business they are trying to protect.
“It’s key that you understand the risk and potential impact of an attack on those assets and to put the appropriate measures in place to protect them,” he said.
Build a diverse security team
While the IT security sector is suffering from a severe talent shortage, along with much of the rest of the tech sector, diversity remains a key issue.
Not only could widening the talent pool and ensuring you are reaching more diverse talent narrow the skills gap, but McNamara said it’s important that your security team is able to see the world from different perspectives.
“From a wider business view, awareness is essential; our people need the right level of knowledge and training to be able to act as our first line of defence,” he said.
Make cybersecurity part of your wider strategy
A major part of shifting your mindset is ensuring cybersecurity isn’t siloed away from the rest of the business. Thankfully, McNamara said this mindset is becoming a thing of the past.
“For a long time cyber, and before that, IT security was very much an IT issue. It only came into focus when there was funding required or there was an issue. In the past we tended to lock down technology and lock out bad actors, but this isn’t as straightforward as it once was in the modern collaborative workplace,” he said.
“Risk management has now become a much more integral part of cybersecurity. Where once cybersecurity teams might have been seen as a barrier to overcome, they are now being recognised as strategic partners in business decision making.”
Know that there is no silver bullet
While there may be a temptation for leaders to take a ‘one and done’ approach to something like cybersecurity, countless cybersecurity leaders have pointed out that there is no one-stop-shop, no silver bullet, to managing cybersecurity.
“I think the idea that one tool or team can sort out all your cybersecurity issues and concerns is a prevalent misconception,” said McNamara.
“Cybersecurity is very much a team sport and the whole business has skin in the game. It’s so important that businesses build meaningful partnerships both internally and externally.”
Be adaptable and flexible
Finally, in order for leaders to truly adopt a cybersecurity mindset, they must be open-minded and willing to adapt.
“The cyber world is changing rapidly; developments in technology are exploited by cyber criminals as well as technology pioneers,” said McNamara.
“As leaders, we need to have an adaptive and flexible mindset around cybersecurity. Where once the starting point for leaders was what do we do ‘if’ we are attacked, now leaders with a cybersecurity mindset are planning for what happens ‘when’ they are attacked.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.