Monday, March 20, 2017

Back to the basics: 3 security questions for executives

About a year ago on this blog, we discussed five cybersecurity questions of importance to every CEO. Those five fundamental questions are still relevant and important, but it should come as no surprise that there are many additional security topics that corporate executives need to explore. An AT&T Cybersecurity Insights report that focuses on protecting data suggests that corporate executives should also be asking the following three questions.
  1. What is my organization’s most sensitive data, where does it reside and over which networks does it travel? CEOs, of course, can’t answer these questions themselves (other than, perhaps, which corporate data is most sensitive and valuable). But they can require that their IT departments and business units collaborate to find the answers.
    Cybersecurity initiatives are doomed to fail if your company doesn’t know exactly what digital resources you’re protecting and where that data is located at any point in time. Given the huge volumes of business data being stored, transmitted and processed nowadays, this initial survey of your data landscape can prove as challenging as actually protecting your most-critical data.
  2. How is the threat universe changing, in types and volumes of attacks as well as in attack objectives? If you want to know how cyberthreats are evolving, you can start by tracking how IT and corporate structures are changing. One pervasive operational change has been the rise of mobile workers using mobile devices. In bring-your-own-device (BYOD) companies, those mobile laptops, smartphones and tablets serve as both personal and corporate devices, making them especially vulnerable if poorly configured and managed. One-third of mobile devices have a medium-to-high risk of data exposure, according to one study.
    The rise of Internet of Things (IoT) sensors and devices – some mobile, others not – has also greatly increased the attack surface at many firms. Is your company among them? CEOs need to make sure that any IoT initiatives include strong security controls built into both the endpoint devices and the networks over which IoT data travels. Otherwise, anticipated benefits can be quickly overshadowed by distributed denial of service (DDoS) attacks, unauthorized data access, and even the malfunctioning or shutting down of IoT machines and vehicles.
  3. What new or emerging cybersecurity tools should we consider deploying? CEOs need to ask their security experts this question regularly, and be ready to weigh the costs of enhanced security against the costs of data breaches and other forms of attack. The portfolio of protections available to companies – including both internally deployed tools and cloud-based security services – is growing rapidly in diversity and sophistication. Staying abreast of these advances – whether it’s fine-grained data encryption services or threat-analytics systems infused with machine learning – is becoming a necessary element of an executive’s job.
Ultimately, more important than any specific question is the need for CEOs and other business executives to be engaged with their IT and security teams about cybersecurity threats, solutions and strategies. Through such engagement, the executives may find that the threats their organizations face are even more frightening than they imagined. But they will also learn that the means to counter those threats are increasingly powerful and effective.
Dwight Davis has reported on and analyzed computer and communications industry trends, technologies and strategies for more than 35 years. All opinions expressed are his own. AT&T has sponsored this blog post.
