I once heard an analogy that is very relevant in the cybersecurity world today.
“It’s the brakes on a car that allow it to go faster.”
It's the kind of quote that makes you think a little bit. When you think about brakes on a car by themselves, everyone assumes that they are there to slow the car down. We don't ever equate brakes with a car going faster.
But ask yourself: How fast would you drive your car if you didn't have any brakes on it?
You probably wouldn't go over 5mph. Because the brakes help keep you safe and secure.
The same can be said for having a solid cybersecurity program at your bank or credit union. At Bedel Security, we like to say cybersecurity should be a business-enabler for your institution.
Right now, banks and credit unions want growth. It's a good time for that. If you're not growing, you're dying, right?
As a financial institution, though, we often equate growth with physical expansion with new branches or acquisitions, implementing new products or technology, or growth of deposit or loan portfolios.
The problem is that in a lot of these situations, cyber security can be an afterthought, rather than part of the strategy.
We sometimes hear things like:
“We've got a lot of growth going right now. And once that settles down, we're going to get real serious about our cyber security program.”
or
“We have a lot of technology initiatives on the table this year and when they get done we'll definitely be turning our focus to our cybersecurity program.”
The problem with that way of thinking is that it's really hard to bolt on information security after the fact. If your bank is growing and you're adding locations or headcount to your organization, you need to build out the processes ahead of time to keep up with that growth.
If you're putting in new technology, the time to incorporate cybersecurity controls into that technology is while it’s being designed and implemented.
While it seems like a pain in the upfront, if you don't, you might be paying for it later in the form of a breach, bad regulatory exam, or in the headache of trying to fix this stuff after the fact.
And I can tell you from my experience is that after the fact, it gets much more expensive to do some of these things correctly.
If you have growth on the table. If you are starting to think about expansion, or major technology initiatives, part of your strategy should be to make sure that your cyber security program is up to speed. That way it can keep up and be there along the way.
And if done correctly, some financial institutions are finding that cybersecurity and information security is not a hindrance to their growth, but instead allows them to be faster and much more strategic with the above-mentioned initiatives.
So, like the brakes on the car earlier, cybersecurity becomes part of that structure that allows your institution to be faster and more strategic while staying safe and secure.
3 Tips for Making Cybersecurity a Business Enabler:
- Get a CISO or Virtual CISO with business acumen (or find a mentor that can help get them there).
- Get your CISO or Virtual CISO involved in business strategy. At a minimum, keep them very well informed of the strategy.
- Build your risk management processes beforehand. This will help with governance during the growth to help keep things from getting too far off track and it allows for process improvement and maturity along the way. (Looking for additional info on governance? Check out our post, The Gist of Governance.)
Want help putting this in place?
Making cybersecurity a business-enabler is what Bedel Security was founded on.
We do that in one of three ways: We can fill the CISO role. We can help your existing CISO with the workload. Or we can train your CISO or future CISO.
Just reach out to us at support@bedelsecurity.com or call us any time at 833-297-7681.
Related resources:
https://www.bedelsecurity.com/blog/5-ways-your-ciso-can-drive-innovation
https://www.bedelsecurity.com/blog/5-objectives-for-a-chief-information-security-officer
The Bedel Security ISP Tasklist