When thinking about the C-suite’s priorities, people tend to focus on growth, security, digital transformation or, more recently, keeping a remote workforce running. All of these aspects are important to keep the business profitable, remain at the forefront of innovation, maintain shareholder satisfaction and ensure that employees are safe, equipped and content. Yet, there is something that underpins every one of these priorities: digital trust. And without it, every area of the business would cease to function.
Ben King is Chief Security Officer at Okta.
Digital trust is a concept no business leader can ignore today. With most of the world working online, digital trust is vital in order for CXOs to trust that employees are doing their jobs, that the workforce is keeping cybersecurity threats at bay, and that trust is cultivated with customers.
The fundamentals of trust in an evolving cybersecurity landscape
Trust will always be intangible and requires belief in three key aspects: reliability, truth and ability. We need to have belief that someone or something will deliver on the promises made, can be relied on to be truthful, and is capable of what they set out to achieve in order for us to place our trust in it. The issue of digital trust has come to the fore for CXOs amidst the challenges presented by the pandemic in the last year, as we have shifted to a remote working structure.
In this context, it is even more vital that organizations are aware of which employees, partners and customers they can trust to access their data and systems. Vice versa, these employees, partners and customers must trust that an organization can protect any personal data they share.
Effective security tools and policies, especially those focused on seamlessly managing the identities of users, help to drive stakeholder trust. And an organization with stringent security in place can trust that each stakeholder only has as much access to business systems as required. This symbiotic online relationship between organization and stakeholder is digital trust.
How organizations can cultivate digital trust through their security policies
Business and IT leaders must be transparent about the cybersecurity measures and policies they are implementing to foster trust and staff buy-in. We have seen an increase in the number of cyberattacks during the lockdown period as malicious actors attempt to take advantage of the increased threat vectors. F5’s 2020 Phishing and Fraud Report saw a 220% increase in phishing attacks during the pandemic compared to the yearly average.
Okta’s Digital Trust Index found that 34% admit to not knowing if their employer has done anything to protect them from cyberthreats, indicating that businesses need to do more to communicate and educate employees. This is problematic for CXOs, because user uncertainty around cybersecurity measures puts the business at greater risk. If employees are unclear about what is and what isn’t protected by the organization’s security platforms, they are unable to apply best practice online, so are less able to identify issues when they arise. CXOs must improve their communication with employees to ensure they are effectively educated on their organization’s cybersecurity measures.
The importance of education
Security must always be the first layer of trust. For employers, partners and customers, it is vital they feel secure sharing their data. And for trust to be cultivated by organizations, education is crucial. Amidst the need for better education, the cyberthreat landscape is constantly evolving, with new tricks and methods tried out frequently. CXOs have a responsibility to ensure that this education is a continuous process. Since the shift to mass remote work, many office workers have become more aware of phishing, data breaches and new risks such as deepfake fraud. But businesses must also ensure they are staying ahead of the game as much as they can in order to combat these new threats with new approaches, and engaging in ongoing conversations with employees while doing so.
In the enterprise, it begins with a Zero Trust approach focused on validating identity before trusting anyone in the digital realm. The ultimate strategy puts identity at the heart of digital security, and invokes risk-based access policies and continuous and adaptive authentication, meaning identity validation is required for user access to be granted. As enterprises move towards this, it is vital that users are kept afoot with the evolving nature of the cybersecurity policies in place. The growth in knowledge across all levels of the business will lead to improved understanding and a stronger belief in the reliability, truth and ability that together form the basis of digital trust. When this is applied effectively, this trust from employees, partners and customers will not only mitigate harm, but will ultimately drive loyalty, revenue and value for organizations. Whether they are aware of it or not, digital trust reinforces each priority on CXOs’ agendas, and will continue to grow in importance as we delve deeper into a digital world.
- We've featured the best business VPN.
