A PwC study last year revealed that about 62% of global CEOs worry that cyber threats will affect their company’s growth prospects.[i] As a result, it is not surprising that potential cybersecurity risks “will pressure CIOs at G2000 companies to increase IoT security spending by up to 25%, temporarily neutralizing business productivity gains.”[ii]
How do we balance digital risk with business growth driven by digital transformation?
A “Defense in Depth” approach that includes people, processes, and technology across an extended digital ecosystem is a good way to bolster any company’s cybersecurity posture. Three steps solidify the stance:
#1 – View cybersecurity as a business enabler
Only 30% of CIOs work in conjunction with CISOs to take steps to ensure a business-led approach to digital risk across the organization.[ii] Let’s do more. Being a company’s cybersecurity leader is not about being a cyber expert but about being a digital transformation advocate who can connect the dots within the company and its extended enterprise. It’s important to be obsessed with protecting assets and to frame digital risk in the context of a business-enabling conversation.
Schneider continuously asks, “What is the bottom-line impact of cyber threats to cost, continuity, and customer confidence?” We have cyber experts and digital risk leaders distributed globally to ensure that cybersecurity is regarded not as a laptop or IT issue but as a business discipline.
#2 – Widen the risk aperture beyond the perimeter
We have no perimeter. Schneider Electric views risk beyond the company boundaries to the supply chain, delivery, and deployment of products and solutions, and throughout customer sites and managed assets to protect their safety and reputation alongside our own. This landscape keeps expanding as technology connects everything, from people to process.
From IT to OT — and from our customers to our enterprise — the potential cyberattack surface is large and can be exploited at any step of the kill chain. We, therefore, adopt a layered approach to cybersecurity that tracks to the NIST framework with its five concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover.
Addressing every element of this broadened perspective requires an ecosystem of partners. We strengthen digital innovation through an extended enterprise that includes strategic partnerships with best-in-breed collaborators. For instance, we partner with an OT infrastructure security specialist to secure our factories, as well as an AI-based prediction and prevention software specialist to reinforce our endpoint enterprise security.
#3 – Adopt a “Cybersecurity by Design” approach
Cybersecurity by Design is not just about secure product development and delivery. It’s also a business process — an end-to-end mindset as part of Schneider’s DNA. As Hervé Coureil, Chief Digital Officer, says, “Cybersecurity is a continuous, always-on, proactive activity — not a task or a step in a process.” This holistic strategy includes people, processes, and technologies that integrate security at every step instead of downstream, which often is very late. Too late, in fact.
When it comes to the Secure Development Lifecycle (SDL) for products, think about the Cybersecurity by Design posture this way: if you find a crack in a building, you would have to go back to the foundation, and perhaps the design, to fix it. Likewise, if you don’t consider product security in the beginning, you’d have to go back to the architecture itself — to the R&D whiteboard and supply chain — to address the issue and course correct. Imagine the challenges.
We continuously heed lessons learned to strengthen our cybersecurity process, and we offer this collective expertise to our customers through EcoStruxure™ cybersecurity services to protect our vast digital ecosystem. As part of the SDL process, we embed security at the beginning as we develop IoT-enabled EcoStruxure™ solutions.
Answering the global call for trust and security
Across today’s highly connected landscape, cybersecurity must become an inherent part of every company’s business culture, processes, and innovation. As Schneider Electric has embraced the lessons learned from our own digital transformation journey, we hope that, together, we can build a more secure, safe, and productive digital economy.
[i] “For CEOs, Cybersecurity is both rising concern and significant opportunity,” by Dave Burg, US and Global Cybersecurity & Privacy Co-Leader, PwC; Grant Waterfall, US & Global Cybersecurity & Privacy Co-Leader, PwC; and Christopher Castelli, Director, PwC, 23 March 2017. https://pwc.blogs.com/resilience/2017/03/for-ceos-Cybersecurity-is-both-rising-concern-and-significant-opportunity.html; PwC’s 20th Global CEO Survey, full report available at https://www.pwc.com/us/en/library/ceo-agenda/ceo-survey.html; “U.S. business leadership in the world in 2018.” US supplement to the 21st Annual Global CEO Survey, January 2018. https://www.pwc.com/us/en/library/ceo-agenda/pdf/21st-annual-global-ceo-survey-us-supplement.pdf
[ii] Gartner, Analyst(s): Rob McMillan, Paul E. Proctor, “Cybersecurity and Digital Risk Management: CIOs Must Engage and Prepare.” Published: 17 January 2018 ID: G00349114