Information systems are more interconnected than ever, putting more pressure on businesses to ensure cybersecurity and ultimately the availability, integrity, and confidentiality of their operations. Almost all companies and organizations today rely on IT and digital services to operate and deliver their services, making them vulnerable to cyber threats.
“Companies don’t do business in a vacuum – we’re all connected to globally distributed networks,” says Hadi Ghanbari, Assistant Professor of Information Systems at Aalto University and one of the lecturers of the Diploma in Cyber Security program.
The program at Aalto EE is aimed at professionals navigating cybersecurity issues who seek tools for cybersecure practices in today’s interconnected business environment. It employs a multidisciplinary approach to examine cybersecurity from different business and societal perspectives.
Cybersecurity skills and definitions should be revisited
Ghanbari has done empirical research on the socio-technical aspects of digital innovation, and he has taught master-level courses on information security management, secure systems design, and ethical issues and concerns in digital innovation. He believes that businesses should reconsider their approach to cybersecurity.
Even the most secure networks rely on users, and users can compromise an entire organization with the wrong actions."
Companies often address cybersecurity by adding more technical solutions, such as intrusion detection systems or antivirus applications, believing this is enough to protect their assets. This is problematic for two reasons.
“Firstly, in our interconnected digital world, we are not dealing with a small network with clear boundaries,” Ghanbari points out. In today’s environment, it is actually quite hard to protect your computing environment.
Secondly: “Cybersecurity is both a social and technical issue. Even the most secure networks rely on users, and users can compromise an entire organization with the wrong actions.”
The assistant professor adds that according to recent reports, employees and executives lack cybersecurity skills, surprisingly even basic digital skills.
“One reason for this is that cybersecurity has primarily been perceived as something very technical, perhaps solely the IT department’s responsibility,” he says. The reality calls for less black-and-white thinking.
Cybersecurity is a key element in maintaining digital resilience
Digital resilience requires that businesses can constantly protect and use their information assets, including systems and data, Ghanbari highlights. This way they can conserve the integrity of their operations and deliver value to customers.
Businesses that pioneer in cybersecurity consider it an integrated element of business strategy, not a separate function.
At the end of the day, executives are the ones deciding how cybersecurity is tackled and the organization’s assets are protected."
This also translates into the right organizational structure. Security officers should have a direct line of contact with the management, Ghanbari notes, and everyone on the board and executive level should be aware of the organization’s security status, risks, and strategies required to maintain resilience.
“At the end of the day, executives are the ones deciding how cybersecurity is tackled and the organization’s assets are protected,” he says.
While increasingly intelligent technology and artificial intelligence can help businesses to secure information and systems, attackers are also employing more advanced technology, making attacks more sophisticated. “Cybersecurity is a never-ending process,” Ghanbari reminds.
Social and ethical aspects, research in cybersecurity will be increased
A positive change is that despite a general lack of cybersecurity skills, awareness of the issues is increasing.
Ghanbari points out that the amount of research on cybersecurity and both private and public funding is on the rise. He believes that cybersecurity is a topic that will definitely see more importance in the future.
“Executives will be held accountable for their cybersecurity-related decisions, especially in the EU, where security and data protection are highly regulated.”
One often ignored aspect of cybersecurity is ethics. Not only do executives need to consider what cybersecurity competencies they need, says Ghanbari, they also need to be aware of the consequences of their decisions for stakeholders and society. The Diploma in Cyber Security program helps executives tackle cybersecurity threats in their respective environments and control risks.
A company that does not care about the security of personal information can quickly lose its customers to a competitor."
The ethics of cybersecurity addresses, for example, psychological damage to individuals, reputational perspectives, and legal aspects. Cyberattacks often have widespread effects – financial recovery does not erase the human suffering involved, and on the other hand, reputational damage eats away at financial performance.
“A company that does not care about the security of personal information can quickly lose its customers to a competitor,” Ghanbari says.
The Diploma in Cyber Security program will provide you with a comprehensive viewpoint and tools for cyber security management. The training will help you enable your company to become more resilient and to function in the highly digitalized world and cyber environment.
This article was originally published in Aalto Leaders' Insight in July 2022.