What Security Leaders Can Learn from Marketing

What Security Leaders Can Learn from Marketing
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.

As someone with responsibility over both marketing and security teams, I've noticed some remarkable parallels between the two. The relationship that feels particularly pertinent today is the idea that every employee is responsible for security, not just the IT/security organization.

Rewind to the early 2000s, and accountability for a brand's reputation lay squarely with the marketing department. The most effective ways to shape public perception were through traditional means, using advertising and corporate PR campaigns. Fast forward a decade and everything has changed. With social media accounts and an always-on communications sphere, suddenly every employee has the power to cause a brand crisis and send share prices tumbling. Marketing has had to adjust fast, and there are now all kinds of technologies and processes that significantly reduce reputational risk while empowering employees to avoid disasters and actively become advocates for the brand.

What does this have to do with security? Well, there's a familiar trend taking place in this space, too.

The Good Old Days One of the issues facing security leaders over the past few years has been the almost overwhelming growth of attack vectors. Even a decade ago, the vast majority of employees sat behind desks using Windows computers inside corporate offices, accessing corporate data over Ethernet cables into a protected intranet. Smartphones were just starting to make inroads, but business apps were limited in number and functionality, and 4G was in its infancy. IT and security teams were almost exclusively responsible for managing the risk of a cybersecurity crisis — just like with marketing and PR crises.

Today's workplace is almost unrecognizable. More employees than ev ..