Enterprise Agility in the Face of Rising Cyber Threats

Jonathan Sinclair, Associate Director, Cyber Security, Bristol Myers Squibb

Jonathan Sinclair, Associate Director, Cyber Security, Bristol Myers Squibb

Abstract:

The following piece will approach the topic of Enterprise Agility with regards to the ever prevalent and increasing pressure of cyber threats on organisations.

Agile – the background:

Agile practices arose out of frustrations in the software development space in having to conform to structured development programmes (Waterfall), that prioritised planning and rigidity over adaptation and flexibility.

The evolution of this development from structured and planned, to flexible and adaptive, provides a useful metaphor for the evolving business environment, whose adherence to fixed planning and structure, a relic of the industrial revolution, has yet to have lost its shackles to the modern global environment, where opportunities and challenges resist prediction, given the stochastic landscape in which all Enterprise’s now operate.

The answer is therefore to plan for disruption, process engineer innovation and build in agility, which will ensure reducing the time required to pivot, implicitly create resilience, and ensure a competitive outlook for the organisation.

To exemplify the point, one only needs to look at the recent rise of ransomware threats () against organisations such as Cognizant, Travelex, Toyota, Garmin, LG Electronics, Xerox, etc.

Adding further context: Your CISO is no doubt advocating traditional defence-in-depth strategies, that require heavy financial investment in areas such as a security operations centre, end-point detection capabilities, hunt teams, threat intelligence feeds, anti-malware software, DLP capabilities, etc.

It will be but a few that will be advocating an agile mindset, complimented with resilient processes that plan for a defensible strategy of adaptation and ability to pivot.

Having stated the above, many reading this will probably consider it a restatement of the old organisational discussion as to whether to centralise or decentralise, and at a high level you’d be correct however, the salient difference is how processes and a complimentary agile mindset are applied.

Conclusion:

The advocated shift of focus will not be easy to embrace and will be even harder to implement within the context of an Enterprise organisation, however the journey must be started and can be initiated with a mind-set change.