If enterprises could only learn one thing from the data breaches of 2014, it should be this: Cybersecurity is serious business that deserves serious attention at the highest levels of every organization. Data breaches, whether they lead to the theft of customer credit card data, as was the case in the Target breach, or the exposure of confidential corporate information, as was the case for Sony, can lead to dire consequences for brands and the bottom line. It’s time for the C-Suite to make data security a priority—and to make room at the table for a C-level executive in charge of protecting corporate data.
Doing so will position your organization ahead of the competition when it comes to cyber defense. 69%of CEOs still “don’t take security seriously enough,” BT Global Services CEO Luis Alvarez recently wrote for the World Economic Forum. And that inattention trickles down through the organization: less than half of organizations don’t have a formal security policy for personal device use at work, less than half of organizations provide employee training on cybersecurity, and “only 26% of organizations believe they have sufficient resources in place to prevent a mobile security breach,” Alvarez elaborated.
Given the increasing ubiquity and sophistication of cyberattacks on global enterprises, this means that a majority of corporations are setting themselves up for Sony-style disaster unless they make necessary improvements. As Accenture CEO Pierre Nanterme said, the “four biggest challenges the tech industry faces in coming years are security, security, security and security.”
To figure out where those improvements must be made, Alvarez suggests that organization leaders speak with their security executives or heads to find out:
How prepared the organization is against Advanced Persistent Threats (APTs)
How effectively security policy, including training and awareness programs, are being applied to organization employees
Whether the organization has both up-to-date threat intelligence and personnel qualified to defend against threats
Of course, that’s if the organization has a security head in the first place, and if it doesn’t, it should appoint one. Moving forward in today’s hazardous environment, cybersecurity must be a top priority, and that means making a change to corporate culture: “Cybersecurity is more than a technical matter, it’s a human one,” Alvarez wrote.
Appointing an experienced, qualified CISO or partnering with a third-party cybersecurity firm is the first step. Such an appointment or partnership sends the message that the organization is aware of the data security risks of today and committed to doing whatever it takes to defend against hacks and leaks, even when “whatever it takes” includes working with third parties that can provide more threat intelligence, as Alvarez recommends. With a clear mandate to secure the organization’s sensitive data assets, corporate security leadership and partners can then take meaningful steps, such as:
Building a team of competent security professionals.
Evaluating existing security infrastructure and making changes where needed.
Assessing cloud deployments and applying technologies such as cloud data encryption to secure data hosted by third parties.
Developing, communicating, and enforcing clear data security and access policies across the organization.
Monitoring user activity to detect and stop suspicious or anomalous behavior.
Providing employee training that covers cybersecurity, regulatory compliance, and other data security best practices. “People are often the cause of security breaches” due to “ignorance or carelessness,” Alvarez pointed out.
These steps will help mitigate the risks of today’s computing environments and go a long way towards preventing your company from falling victim to the attacks that have caused massive headaches at global corporations.
Ready to make a case for better security at your organization? Check out our on-demand webinar, “Building a Business Case for Cloud Information Protection,” to learn ways to make cloud security a business priority.