3 cybersecurity fundamentals for enterprise leadership, according to the experts


September 27, 2021
3 cybersecurity fundamentals: people, process, technology

Three cybersecurity fundamentals for enterprise companies (people, process, and technology), direct from experts and organizations in the IT security industry.

Despite frequently hearing words like “ransomware”, “phishing”, and “data breach” in the media—and possibly even at work—25% of technology leaders reported that their board members still do not identify cybersecurity as a major risk to their enterprise organization.

“With all the developments in technology, cybersecurity has both benefited and changed from the increased visibility and insights we gain from the enormous amounts of data we collect, store and analyze. The growth of the public cloud has offered huge amounts of economical store and compute, that can be brought online quickly and scale as needed.”
Michael Wahl, Senior Director - Global IT and Cybersecurity at Tweddle Group

In this Fast Facts post, we’ll be covering three fundamental aspects of cybersecurity for enterprise companies. These cybersecurity principles, direct from experts and organizations in the IT security industry, could nudge board members to rethink their risk assessments for cyber threats.

“Cybersecurity” is an all-encompassing term for the tools and methods used to prevent unauthorized digital access, and because it’s such a broad term, it can easily become overwhelming and frustrating to non-IT senior management. In fact, “cyber fatigue” has become more prevalent over the last few years, even for IT professionals. Unfortunately, as cyberattacks continue to evolve, it’s more imperative than ever for leadership to go beyond simply meeting IT compliance requirements. Leaders must be actively involved in shielding their organization against malicious attacks.

Yes, protecting an enterprise organization against cyberattacks is an extremely complex practice, but a strong cyber defense strategy is built on three basic fundamentals: people, process, and technology.

#1: Educate people, because they could be your biggest IT risk 👨

“Employees can create some of the greatest risks to cybersecurity. However, when they are well informed they can also be an asset and a first line of defense. Oftentimes, cybercriminals will specifically target employees as an attack vector based on their lack of knowledge for security best practices.”

CSO Online

Pro tips from CIOs and CISOs in the Pulse community:

  • Communication from leadership to employee and vice versa is vital to establishing a “cyber threat aware” culture.
  • Invest in ongoing employee training for best cyber defense practices.
  • Join the Pulse community to discover how other enterprise technology leaders increased cybersecurity awareness and adoption at their company.

#2: Establish detailed business process(es) 📝

“To ensure continued operations with minimal [downtime], your organization should have an IT recovery plan as part of its overall business continuity approach. In this plan, your organization should identify critical data, applications, and processes and define how it will recover IT services that support business operations, products, and services.”

Canadian Centre for Cyber Security

Pro tips from CIOs and CISOs in the Pulse community:

  • Always have an incident response plan that provides associates with clear actions based on their role within the organization to minimize negative impacts on the business.
  • Regularly sync with managers across the organization to ensure cybersecurity is top-of-mind and incorporated within their internal and external processes.
  • Understand how well and how often threats are monitored, documented, researched, and responded to. This will bring any vulnerabilities to the forefront, help your organization adapt to new or evolving threats, and better protect the enterprise in the future.

What advice would you give to IT teams when they plan, respond to, document, and investigate cybersecurity risks?

“Make sure [you] really understand the full picture. [Go into the] system and asset inventories, control inventories, risk inventories, etc. Without a clear picture of what the universe looks like, the organization is by default accepting risks that they haven't measured. This is particularly true during an incident or response event when new things pop up that the team should have been well aware of.”
Anthony Johnson, Founder and Managing Partner at Delve Risk

#3: Take advantage of tools and integrated technology ⚙️

“Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities. The risks increase if the device is connected to the internet or a network that an attacker may be able to access. Remember that a wireless connection also introduces these risks.”

Cybersecurity and Infrastructure Security Agency (CISA) and Stop.Think.Connect™

Pro tips from CIOs and CISOs in the Pulse community:

  • Always have fail-safe and backup security plans, using a layered approach as part of your security strategy. Never rely on only one tool or one line of defense.
  • Keep people and processes in mind when thinking about which tools and technologies to implement. Some technologies might be great for the IT department but frustrating for other employees to use on a daily basis.
  • Take advantage of modern technology by automating tedious or manual operations.

Can I protect my organization against the latest cyber threats using older tools?

“Absolutely. Most of the cyber threats and breaches that [have and continue to occur] rely on older or fundamental security issues. Applying the fundamentals well and using older tools to solve core issues like visibility, completeness of patching, etc., are some of the best ways to really have a mature cyber program. Advanced techniques and tools are great, but only after the basics are done well.”
Anthony Johnson, Founder and Managing Partner at Delve Risk

Implementing a multi-layered IT strategy that promotes educating people, improving business processes, and integrating technology cannot be done on a whim. It’s critical for everyone—including board members—to partake in risk management for enterprise organizations to minimize potentially detrimental digital attacks.
