Since 2014, CIOs have flagged cyber security as either their first or second most important IT management issue in the venerable IT Trends Study from the Society for Information Management.

Yet in 2013, cyber security came in just seventh in that same survey. What happened in a year? The infamous Target data breach, which resulted in an $18.5 million fine and the ignominious departure of Target’s CEO.

The cascading series of disastrous, high-profile breaches since then makes the Target breach seem almost quaint. The message is clear: Year over year, the risk of career-ending breaches looms larger as threats continue to balloon in number and potency.

Pity the poor CSO in the hot seat. Understandably, some feel compelled to jump on every new threat with a point solution, which plays right into the security software industry’s marketing strategy.

But no organisation’s cyber security budget is infinite. How can CSOs possibly determine how to allocate their defensive resources most effectively?

The simple answer is twofold: Rationally prioritise risk and, at the same time, make the most of the useful defences you already have in place. Few dispute that unpatched software and social engineering (including phishing) represent the highest risk in most organisations, followed by password cracking and software misconfiguration.

Cut through the political and operational barriers to prompt patching, establish an effective security awareness program, train your ops folks to lock down configurations, and put two-factor authentication in place, and you’ll reduce your overall risk by a magnitude.

Sure, anyone can reel off other big risks and vulnerabilities. If you’re operating an electric utility, for example, you need to understand highly targeted threats to critical infrastructure and how to defend against them.

And when malicious hackers do inevitably breach your perimeter, the Zero Trust trend of instituting pervasive authentication among systems shows real promise in stopping attacks from moving laterally through organisations.

Managing risk as a way of life

Malware and hackers have plagued systems since floppy disks. But in recent years, a different sort of threat has arisen: The relentless pressure to innovate. Bob Violino, frequent contributing writer to CIO, explores the dirty little secret of our digital transformation era in “Security vs. innovation: IT’s trickiest balancing act.”

The point of his article is clear: If security or privacy is an afterthought, your transformative initiative will probably fail, potentially in spectacular fashion. Get the security architects in there early, however, and sensible security becomes integral to the successful outcome — and can add to the appeal of resulting applications.