
Managing Cybersecurity Risk from the Boardroom

Source:  Originally published in MSSP Alert on Aug 15 2022

As a leading MSP, Blue Mantis (fka GreenPages) has to be the best of the best steward of cybersecurity for our customers. Cybersecurity stewardship has to permeate through our entire organization every step of the way in our interactions with our customers, from the first sales touch point to how our technical team engages. We have the responsibility of holding our customers’ “keys to the cyber kingdoms,” so we are extremely diligent and relentless about cybersecurity.

Keeping our customers safe from cybersecurity threats: As a 20-year cybersecurity and MSP industry veteran, I’ve learned that the approach of continuing to buy more tools and hire more people does not necessarily lead to better security. While it may improve security postures in the short term, it becomes untenable and impossible to manage in the long term. We’ve had to take a step back from the more-tools, more-people approach and ask ourselves, “How can we manage the compounding problems of our customers’ increasingly complex digital environments along with escalating cybersecurity threats that are increasing in frequency and sophistication?”

 

Taking cybersecurity to the boardroom

Cybersecurity risk must be a board-level issue because cybersecurity risks are enormous. Getting hacked, data breaches, malware, loss of service, ransomware, etc. can take down your business and your customers’ businesses. So we need not only to tackle cybersecurity at the technical level but also to manage cybersecurity risk at the board and executive levels. There has to be cybersecurity expertise on the board.

It’s up to the board to determine the organization’s risk tolerance, to set goals, and then fund decisions on how to achieve those goals. Of course, the board does not decide whether you need to buy a certain security tool. It assesses: What are the “crown jewels” of the company? What do we care most about? How are we protecting our crown jewels? How are we accountable? It’s important to focus on outcomes and how they align with corporate goals.

I sit on the Blue Mantis (fka GreenPages) board as the cyber expert, and I spend a lot of time educating our board on cybersecurity issues. It’s highly effective, because when the board is cyber aware and aligned, our organization can move fast to roll out cybersecurity programs organization-wide. We specify expected outcomes, ensure accountability, and fund appropriately.

When that happens at the board level, you remove the sand from the gears. It’s clear to everyone throughout the organization that security is a priority, and projects that meet the organization’s security goals get funded and executed successfully.

 

Metrics and ROI

Blue Mantis (fka GreenPages) has a set of key metrics that I regularly present and discuss with the board. I built dashboards for them in a straightforward way to show accountability and transparency. We measure progress month by month and tie progress to the spend in the funding that was approved to get better. We measure:

  1. Are we getting better with our overall security posture? 
  2. Are funded projects producing the results that we expected? 
  3. Are we responding to events quicker? 

I am transparent with these metrics – with the board and with our customers – because transparency drives outcomes, builds trust, and educates. When you can show progress and meet goals, it drives the funding we need to continue to get the job done.

 

Getting certified in cybersecurity management for corporate boards

I discuss this often with our customers, and I strongly encourage them to take the Cybersecurity Strategy Online Certification program at Boston College, where we partner.

One of the most important things you learn in that program is that you can’t wipe out cybersecurity risk. You can manage it. You anticipate unknowns so that you can move quickly to mitigate damage when something bad happens. Learn more in the eBook A Board’s-Eye View of Cybersecurity Risk.

 
