The Evolution of Merging Cybersecurity into Operations
How many times do you hear reference being made to the Chief Operating Officer of a company? Certainly, the CEO garners most of the attention as they are the figure head and recognized leader of the company. The CFO receives credit for the financial reporting of the company every earnings season and the CIO or CTO have garnered a lot of the spotlight recently for digital transformation implementation and remote work technologies. But what about the COO? Yes, the COO is often second in command, the apparent heir to the throne beside the CEO, but not every company creates this position. According to a Forbes article last year, the position is sometimes elusive and misunderstood.
Unprecedented Rates of Operational Change
One can argue though that the role of the COO has never been more important than it is today thanks to digital transformation. Companies had been pushing digital transformational strategies prior to the pandemic outbreak, but thanks to COVID, companies were able to leapfrog seven years of progress in only a matter of months according to a report compiled by McKinsey & Company.
The situation mandated that companies reinvent their business models. Businesses had to figure out how to get to the customer since customers were no longer willing to go to them. The size of the IT estate vastly expanded as employees retreated to remote workspaces, thus creating communication and security challenges. It meant seeking out new supply chains to overcome shortages. There wasn’t a map to guide companies during times of sudden change and upheaval. What they required was leadership. For many companies, the COO rose to the occasion, creating value added solutions by driving innovation through their acquired knowledge and expertise.
Traditional Roles of the COO
If we are going to use a government analogy, the COO is more like the White House Chief of Staff. While the CEO is the face of the organization, like the Chief of Staff, the COO serves as an administrative liaison between all the business units throughout the organization. They also correspond with outside vendors and establish valuable relationships and partnerships.
The COO must often serve as a change agent, executing and overseeing the implementation of new strategies designed to take the company in new directions. The person in this role must know how to communicate new goals and objectives, serving as a mentor to train and convince business unit leaders of the attainability of their objectives. This requires them to have a thorough knowledge of each department throughout the company including manufacturing, technology, human resources, marketing, and logistics. As a result, the COO has an innate understanding of the organization that no other senior officer has.
Cybersecurity is not just up to the CISO
Cyberattacks have become so widespread and so punishing that Lloyds of London who currently holds 20% of all the cyber insurance policies in the world recently announced that they are discouraging its syndicates from taking on new cyber business in 2022 due to the mounting losses that are crushing the industry. All of this has occurred since 2020 when companies were forced to reinvent their business models. It is this type of environment that is requiring enterprises to revamp their security strategies to accommodate these new remote and hybrid architectures.
Who is better prepared to take on the challenge of securing these newly created architectures than the COO? Securitizing these new organizations requires more than an understanding of security controls and protocols. You need someone with a thorough understanding of how the operational processes that traverse workspaces and edge locations work to reduce risk exposures across the organizational plane. This knowledge base also aids the COO when it comes to ensuring compliance with the growing array of complex regulatory legislations.
Digitization Involves Security
When you digitize something, you then make it a possible target for digital attacks. If the goal of companies today is to digitally transform all aspects of the company, then all aspects become vulnerability points. Security is no longer the sole function of the IT department.
Companies are implementing cybersecurity training programs to improve the cyber hygiene of their work force. While one might turn to the CISO for scope of this undertaking, knowledge alone doesn’t make you a good teacher. These types of training programs are best implemented by the COO who usually has better communicative skills due to the nature of the job. The COO makes the perfect coordinator for the incident response plan (IRP) as the cooperation and coordination of multiple departments is essential in the time of crisis. With the mass adaptation to hybrid cloud architectures, the COO can ensure that the IRPs are properly revamped to include the security of the companies cloud assets as well.
COOs and Changing Attack Methodologies
For the most part, cyberattacks are no longer about hackers probing and pounding away at external firewalls and perimeter defenses. Cybercriminals infiltrate organizations by taking advantage of vulnerable kinks in the protective armor of an organization. This is exemplified by the large number of social engineering and supply chain attacks today.
Today’s hacker is more patient and strategic. Once a beachhead is established within a targeted organization, the invaders often take weeks or even months performing reconnaissance to identify high value assets to understand the implemented security systems.
While the CISO can be considered the go-to person to secure the personal data of employees, customers and third parties using the latest encryption standards and controls, the COO understands the underlying structures that connect all aspects of the organization. You don’t need to be an expert in endpoint security, but you do need to understand how current endpoint solutions are affected by remote work strategies. In an era in which companies are being required to constantly reinvent their business models, having a visionary foresight into how the company must evolve its security practices is just as important as understanding the functions of each security layer.
Just as companies are turning to technology to attain greater agility and elasticity to respond to changing business environments, they need the skillset of a versatile COO who can fuse their future endeavors. As cybersecurity becomes a competitive advantage for companies today, there is no doubt that COOs will play an even bigger role in cybersecurity leadership and innovation.