Securing Businesses

Human Race has walked on earth for a very long time. A very long tenure of this presence was hunter & gatherer kind of phase where humans kept on moving and broadly speaking, didn’t have too many possessions.

For approximately past 10,000 years, we started living in some form of civilization and structures of our homes, our possessions & occupations have undergone great changes.

1.      Early on we had small huts built with mud & wood, which were enough to give shelter to a singular family. With time, doors and small bamboo peripheries were added. Possessions were animals, basic utensils & tools

2.      We started organizing ourselves in small tribes, where a few families lived together. With this, we also added some additional boundaries at the tribe level and started creating security roles. Additional processions were some precious stones & clothes etc.

3.      Then came smaller towns, someone started to rule these towns and at times these rulers also created small forts to protect their belongings. At possessions level, people had more precious stones & metals and some other precious things (arts or collectibles).

4.      With time some of these small-town rulers were able to grow their control and they forged battles to grow their empires (some small, but some very large empires, too). These rulers created some very mighty castles for themselves and at times some protection mechanism to protect their whole empire e.g. The Great Wall of China

5.      At more contemporary level, we have ~ 200 nations where our respective Governments provide security coverage for the citizens and through complex structures, we have Village / Town / District / State / Nation level agencies which cover policing and other security aspects. Beyond all of these, especially in large cities; we also have ‘Housing Complexes’ where the builder and / or the Residents’ Association provides additional security services.

Above is an overly simplified version of ‘scale of growth’ on how we lived. But we also need to consider the complexity of our occupations and businesses. At first two stages, we were mostly dependent on farming & rearing animals. With every single passing phase, we started doing newer and more complex businesses; where we had dependence on ‘external’ people i.e., people outside our tribe, town or empire.

As you think through these stages on your mind, you would realize that we have undergone a large change on ‘what we need to protect’. From precious stones, precious metals, finished goods, business structures, trade secrets to secret and /or sensitive information – we have come a long way.

Initially, multiple layers of security were built for protecting the ‘jewels’ (precious possessions). With time, a lot of efforts were spent to additionally protect trade secrets (from where-to & at-what price buy and sell goods on Silk Route to more recent ‘Coca Cola recipe’). With time, managing & securing information became a structured practice and was referred as ‘Information Security’. At macro level, it had three guiding principles around maintaining Confidentiality, Integrity and Availability of sensitive information.

Through past 20 odd years, our businesses have undergone a massive change on how we operate. Digital Transformation has swept in across industries and with that (arguably) ‘Information’ is the biggest business differentiator and thus the need of focus to safeguard it. With the complexities of Digital Transformation, Information Security as a discipline has also evolved and with the ‘everything-connected’ (to Internet) state, lots of us refer to the term ‘Cyber Security’

With all of the above as the building ground, I would like to leave a call-out for the CEOs / Business Heads to relook at the state of their ‘Crown Jewels’ Protection’ in their respective empires. Aligned with the scale (type 2 to 4, on in some cases even 5) and complexities (level of interaction and / or dependence on other businesses & external personnel) define their ‘Business (large parts, Cyber) Security’ Programs. The requirements would defer greatly as per the size & complexity of their businesses; but at a macro level following actions can be considered:

• Hire & Empower your Defense Ministers & Chief of Defense Forces (CROs & CISOs)
• Ensure that your organization has an effective way of discovering & inventorying all the ‘Crown Jewels’ (Sensitive Information assets)
• Sponsor, adequately fund-for and monitor ongoing enablement and enhancement of your security program (Cyber Road Map)
• Invest your own time in acquiring & understating Threat Intelligence (same name in Cyber world 😊) and participate in War Drills (Cyber Drills) for better preparedness to handle unforeseen incidents.
• Invest enough time & focus for Security and drive ‘Secure Culture’ across the organization
• Challenge assumptions & reaffirm security responsibilities

The last point is quite pertinent to ‘Born in Cloud’ organizations, where a false sense of security may prevail that Security is taken care-off by the ‘cloud provider’. Think for the big Apartments’ security in scale #5, while security is beefed up – but you are still responsible for security of your valuable (Crown Jewels / Data) and who comes into your place (Access to data)

Hope some readers find this useful! Happy to address any queries or follow-up questions.

 #CEOs #BusinessHeads #BusinessSecurity #CISOs #CROs #CyberSecurity #Bettertomorrow