IT security is a matter of accountability
by Raj Sabhlok - President at Zoho - Monday, 1 September 2014.
For today’s CEO, being the victim of criminal hackers is no longer just a source of embarrassment. Being hacked often carries legal ramifications and can even cost you your job. We live in the age of transparency, where ‘mega breaches’ and data theft from an organization are increasingly hard to keep from the customer. It has never been more challenging for a CEO who must accept responsibility for IT security incidents, thoroughly assess the risks and remain vigilant to potential threats.

Accepting responsibility

The CEO has always had responsibility for the overall growth and health of his or her organization. Bottom-line issues such as manufacturing and marketing, for example, were traditionally within their remit. However, in the digital age security has become a fundamental bottom-line issue. Invariably, the cost of investing in adequate IT security measures is lower than the cost of recovering from a breach.

Good data protection practices should be at the heart of important organizational goals such as compliance and reputation. At the end of the day, the market will punish a company that loses the trust and business of its customers.

Assess the risks

A thorough risk assessment of an organization should be a top priority. A good CEO would look at external risks – eg those of competitors, new entrants, market forces; and internal risks, eg finances, and human resources. IT and security should now be a priority in this latter bracket.

From an IT perspective, it is crucial to know where you are vulnerable, both inside and outside your firewall. You may not have complete visibility over what applications your customers are accessing, but this can be solved. Vulnerability and risk assessments, as well as penetration testing by trusted third-party firms are now just as important as the quality of your product or service.

Putting software and hardware to one side, one of the greatest potential threats inside the corporate firewall is that of the disgruntled employee. Many high profile breaches include some element of internal, malicious or careless activity carried out by employees or contractors who work for the company. How can C-level executives know how social media channels are being used by employees to liaise with customers? This lies at the intersection between technology and people management, both of which the CEO must take a role in.

The rise of BYOD and mobile working also presents significant cyber security risks. With more and more employees accessing corporate data through tablets and smartphones, these devices and apps especially are ripe for compromise, providing hackers with more ways in to steal private company information such as passwords and files.

Bolstering background checks and personnel security is a wise decision. But, CEOs may also want to rethink data access policies. Specifically, policies that define who in your organization has access to corporate and customer data, should be evaluated. In the digital age, now is the perfect time to separate these two data classes, providing only the most trusted employees access to customer data on an as-need basis. These access restrictions should then be applied across the board.

Nurturing support

You are only as good as the people you have around you. In order for CEOs to truly prioritise IT security as a business issue, having a dynamic and innovative supporting CIO is necessary. A CIO who is willing to collaborate with the top executives and invest in the right technologies that will protect an organization from hackers, can accelerate business growth. CEOs should look to employ CIOs who can move fast and anticipate cyber threats.

Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Dec 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //