From left, Lakshmi Hanspal, chief information security officer for Box, Adam Richardson, director of technology integration and engineering for BMO, and Greg murray, vice-president of information security and CISO for Rogers. Photo by Paul Darrow.

Published: August 15th, 2019

The Digital Transformation Conference and Awards came and went, but it featured a number of important discussions around cybersecurity that are top of mind for IT professionals across the country.

People’s appetite for instant gratification isn’t going away, so how does security keep up?

Customers aren’t patient, and if a company’s services don’t leave a good first-impression, they’ll ditch it for something else in seconds. But if you’ve managed to get them hooked, that’s great – now you have to iterate on that service, make it better, make it faster, all while ensuring it’s secure from cyber threats.

Lakshmi Hanspal, chief information security officer for Box, asked panelists how their organizations rapidly and regularly enhance user experiences without compromising their security policies and standards.

Visit our Digital Transformation Conference and Awards hub for more articles and videos from the event

Adam Richardson, director of technology integration and engineering for BMO, said the question is foundational to nearly every meeting he participates in.

“You have people in place, managing these processes that can no longer keep up with the technology that’s in place,” he said. “But the solution has to be leader-led, and you have to find the right partners in that universe that can fill the gaps.”

Greg murray, vice-president of information security and CISO for Rogers, pointed to the growing interest in 5G, and how Rogers is partnering with the University of British Columbia to build a real-world 5G Hub on the school’s campus that will act as a testbed and blueprint for 5G innovation in Canada. The three-year multi-million dollar agreement, he said, will help Rogers and its partners better understand 5G technology and how to secure the innovations that flourish from it.

Richardson added that maintaining a close relationship with regulators should be normalized. It helps businesses better understand evolving security and privacy policies, and it helps regulators get a better sense of the type of guidance businesses need to remain compliant and successful.

Don’t be afraid of the word ‘fail’

Okay, let’s just be clear here – leaving yourself open to cyber attacks and ill-conceived cloud migration projects that leave you millions of dollars in debt should be considered as a failure. Bad failures do exist.

But what many executives on stage were referring to when uttering the words “fail fast” was the notion that it’s okay if minor miscalculations occur. In fact, expect almost every new newly launched project or experience to fail in some way, indicated Richardson.

It’ll be a bug, maybe poor branding, or perhaps consumers will simply hate what you launched. But “failing fast” is a good thing and enables businesses to learn from mistakes quickly. As long as businesses don’t neglect the concept of privacy by design and security that’s built-in and not bolted on, failing fast is virtually a-must in today’s fast-paced world.

Learn how to talk to your board about cybersecurity

Nav Canada’s chief information officer Claudio Silvestri led a presentation about how to talk cybersecurity with a company’s board of directors. He mentioned how 77 per cent of CEOs believe they are prepared for a cyber incident, but only 22 per cent of CIOs feel the same way.

“How do you ask for stuff from people who don’t understand what you’re talking about?” Silvestri asked people in attendance, noting if security teams aren’t careful with how they interact with a board, they’ll frequently get a “that’s good enough” response to security issues.

Silvestri wrote about this very topic on ITBusiness.ca. You can read his latest article from his series here.

Share on LinkedIn Share with Google+