Strategic Frameworks for Approaching OrgSecOps

Sar Malik
July 15th, 2020 · 4 min read

Twitter’s cybersecurity breach on July 15, 2020 highlighted numerous concerns about the transfer of liability from social platforms to your brand perception. While there’ve been past isolated incidents related to lax password policies, a platform-wide vulnerability exposes the importance of corporate-wide readiness and direct channel sales optimization.

In this article, we examine and advise strategic approaches that growth leaders can implement in designing risk management frameworks for cybersecurity including: direct as part of an omni-channel communications plan, cultivating the right SecOps talent company-wide which is otherwise considered indifferent from IT PMO, and seeing through top-down commitment.

Designing Frameworks

Data security and cyber incident response has emerged as the core issues facing organizations’ tech stack in recent years. The challenges have been exacerbated by the fragmented landscape influenced by a complex regulatory environment and non-standardized approaches for implementation.

Time and time again, we’ve observed that growth leaders that take a considerable stride in pairing overall digital transformation with cybersecurity innovation often lead to greater competitive and long-term operational advantages. They do so by focusing on a number of initiatives: first, establishing a cyber-threat management risk culture and second, moving to an incentive system of risk taking for innovation driven outcomes.

Effective cyber-strategies should encompass these major goals:

  1. Define the associated risk to business assets and the potential value from effective handling.
  2. Build necessary operational capabilities to manage the digital threats against resources that are increasingly are driving business growth.
  3. Establish targets that should balance the organization’s readiness and agility to manage cybersecurity risk with its overall desire to continue to innovate and grow.

The best-in-class SecOps teams consider a holistic view of their digital infrastructure and data-security requirements, and that perspective is built on a foundation of talent and top-down commitment from the core leadership team. However, the need today is to increasingly decentralize threat identification and risk management for targeted and agile response.

To counter events deemed as “breaches”, “incidents”, or “vulnerabilities” after discovery, a response framework has three essential ingredients: the right level of threat intelligence, sufficient volume of data for the business to act upon, and a dedicated policy that teams can rely upon for reporting and remediation.

In addition, the response must be based on a clear understanding of the business value that can be garnered from handling the event and not simply an orchestration scenario checklist to go through completion.

Mitigating Platform Risk with Direct Funnels

An omni-channel corporate communications plan has always been critical to diversifying risk from any single point of failure, but what if multiple endpoints are breached simultaneously? Social platforms holistically are points of failure within a company’s strategy and when overlooked, leaders underestimate the degree of inertial friction that can hamper the firm’s ability to achieve its goals.

In designing corporate communications plans, social has become the center point due to the agreed upon potential for virility and engagement with customers as drivers of growth. Our approach recommends a considerate and more prominent focus on direct-channel sales funnels that bring inbound traffic and identify candidate leads.

In 2019, we analyzed radio advertisements from the top 50 business & finance stations using advanced NLP (natural language processing) AI techniques and concluded an ~83% shift towards driving webtraffic to direct-channels over a snapshot from five-years prior, mid-2014.

More often than not, organizations are transitioning away from “follow us on Twitter, like us on Facebook, find us on social media” to “visit our website at quant.one”. This serves two key factors: first, it compresses the sales funnel to transacting, and secondly it brings an emphasis on better qualifying leads for a sales-first instead of marketing-engagement approach.

AI bots are the most impactful way of lead qualification by acting in the capacity of an SDR, deriving actionable leads for follow-up.

Exploring creative ways of leveraging digital transformation solutions to refine your existing lead-gen process and increasing conversion is to be considered part of a broader play, one that strengthens the foundation of your business model as not solely dependent on uncontrollable platform risk.

Get in touch to inquire about licensing our advanced NLP datasets or for custom analyses and solutions to enable your business growth.

Cultivating Broad-Pool OrgSecOps Talent

In order to manage cybersecurity risk effectively, leaders need to understand the root causes of the issue and the behavior that leads to it. In practice, this means identifying what the event outcomes potentially are, and then what teams are capable of in handling. Most importantly, it’s critical to work out how the organization can effectively isolate and better prepare for future scenarios.

In doing so, SecOps should not be defined as an isolated role type but instead, woven into the fabric of culture to empower employees at all levels in your organization - OrgSecOps. Cyber-incident mitigation is a particular challenge for frontline staff because of their daily work with customers in conduct of business operations. Staff members at many leading organizations have a good understanding of the work they do, but few of them have the skills to deal with the specific challenges they face when it comes to advanced threat identification, reporting, and mitigation.

Through 2013, data breaches originating from inadvertently exposed USB ports in ATMs at retail chains such as Target exposed the consumer credit data of millions of shoppers. - CNN

Similarly, cybersecurity training should not be delivered solely to those otherwise deemed most at risk. In fact, executives are more likely targets from highly sophisticated financial fraud schemes using industry-specific terminology and in exceptional cases, delivered using AI algorithms.

Deepfake neural audio algorithms were used in August, 2019 to imitate the voice of a British Energy Company executive in committing wire-transfer fraud, a highly sophisticated form of AI based social engineering. - WashingtonPost

Many PMO and IT organizations are aiming to cultivate flexible talent pools by improving the quality and scope of their understanding of the key areas where threats emerge. For example, financial crime driven by vulnerabilities in core banking infrastructure has been on the rise in the past decade, but newer approaches are taking a targeted view of how they impact unconventional roles such as in sales trading or during M&A transactions.

Advanced analytics and automation tools such as Splunk are paving the way for risk management to enterprise data assets across the board.

Read more about how you can empower your employees and more effectively lead innovation engines in your organization.

Commitment from Leadership Teams

A complete transformation of the cybersecurity will require a set of new skills and capabilities that CIOs and other senior executives will have to ensure across the organization as part of OrgSecOps.

The responsibility is a shared-one amongst the management team and not simply traditional IT teams. It’s important to ask how best finance, marketing, and sales divisions can collaborate to deliver effective governance policies with a shared response plan to any corporate breach or incident.

Get in touch to learn more about how your organization can harness the power of solutions such as Microsoft Azure ATP to take action against potential breaches in real-time and get a 360* perspective of your digital assets.


More articles from Quant ONE Inc.

Perspective: Approaching uncertainty in a noisy world

The perception of unconstrained growth is extremely dangerous, in this article we define a perspective that will help to gauge a better understanding of global events.

June 26th, 2020 · 3 min read

Perspective: Blockchain's New Value for Banks

We examine how the often-hyped technology Blockchain, creates impactful opportunities for fintech growth leaders and advances industry standards for managing risk.

June 26th, 2020 · 2 min read
© 2020 Quant ONE Inc.
Link to $https://twitter.com/tcpnetLink to $https://www.linkedin.com/in/sarmalik/Link to $https://dribbble.com/sarthakmalikLink to $https://github.com/sarthakmalik