Learn the Principles of Cybersecurity
Learning Objectives
After completing this unit, you’ll be able to:
- Explain how to lead a cybersecurity program.
- List what leaders should consider when managing cybersecurity risks.
Lead a Strong Cybersecurity Program
Implementing an effective cybersecurity program takes a leader who thinks about and prioritizes how to use technology and cybersecurity to protect the business from unnecessary risks. This may sound daunting, but there are a variety of tools available to help you guide your organization safely. Working with internal and external partners can help organizations confront the dynamic nature of threats by sharing information across industries and borders to bolster data privacy and security.
Bolster Your Organization’s Cybersecurity
The cost of not implementing cyber protections grows every day. A study by Zurich Insurance Group found that globally, the potential cost of cyberattacks could be up to $90 trillion in net economic impact by 2030. While there is an abundance of guidance in the cybersecurity community, it can be difficult to discern which of these best practices to focus on.
Enter the World Economic Forum and its partners who have developed an important new resource, The Cybersecurity Guide for Leaders in Today’s Digital World. This guide lays out 10 principles for an organization to effectively embed cybersecurity in its corporate DNA. Let’s take a look at these principles at a high level.
Cybersecurity Tenets for Leaders | |
---|---|
Tenet |
Description |
1. Think like a business leader. |
Position cybersecurity as an integral component of the organization’s business strategy. |
2. Foster internal and external partnerships. |
Partner with internal and external groups to manage risk and share information. |
3. Build and practice strong cyber hygiene. |
Core security principles minimize the risk of attackers exploiting known vulnerabilities. |
4. Protect access to mission-critical assets. |
Prioritize investments in strong identity and access management systems. |
5. Protect your email domain against phishing. |
Protect against phishing campaigns by training employees and implementing email filtering. |
6. Apply a zero-trust approach to securing your supply chain. |
Assess the supply chain for cybersecurity risks, and protect the software development lifecycle. |
7. Prevent, monitor, and respond to cyber threats. |
Implement novel detection techniques, and prepare for incident response. |
8. Develop and practice a comprehensive crisis management plan. |
Have a plan for when a crisis occurs and document procedures. |
9. Build a robust disaster-recovery plan for cyberattacks. |
Use these plans to react in case of a disaster, and to reduce the time to restore services. |
10. Create a culture of cybersecurity. |
Ensure everyone understands their role in safeguarding the business. |
Sum It Up
You’ve now previewed 10 tenets that can strengthen your organization's resilience. In this module, we dive into the first five principles that cover managing cyber risks. The second module of this trail, Cybersecurity Threat Prevention and Response, covers further information about how to secure your supply chain, respond and recover from cyberattacks, and create a culture of cybersecurity. Let’s start by finding out how you can learn to think like a business leader.
Resources
-
External Site: World Economic Forum: The Cybersecurity Guide for Leaders in Today’s Digital World
-
White Paper: World Economic Forum: Advancing Cyber Resilience: Principles and Tools for Boards
-
External Site: Global Cyber Alliance: Cybersecurity Toolkit for Small Business
-
Trailhead: Cyber Resilience Program Development