They formalise and enforce corporate security policies, rather than simply seek to ensure compliance with external standards. They prioritise employee education alongside technology deployment and they build defences into every layer of the network and connection point.
This holistic approach will include a combination of premise-based and cloud-based architectures with customised security, trust and protection profiles as well as protection against malicious email attachments and phishing schemes, plus encryption and authentication solutions. It will also encompass services that detect and respond to suspicious activity in the network, beyond the corporate firewall, and that continuously assess emerging threats to reduce future risk.
Two of the most important determinants of your readiness to manage the security attacks that bombard all organisations today are the status of your Chief Information Security Officer (CISO) and your understanding of your organisation's risk profile.
The Strategic CISO
Information security is no longer an exclusive function of IT support, concerned primarily with passing audits to prove compliance. Organisations serious about their security are now appointing CISOs and empowering them to strengthen data protection planning and other measures.
The modern CISO is a highly technical security professional with strategic responsibility for information risk management and business continuity. With influence at the highest level of the organisation and the necessary budgetary authority to effect change, CISOs are crucial to achieving a cyber security approach that is proactive and forward-thinking in the face of unrelenting and ever-escalating security challenges.
Indeed, research bears this out. Companies with a strong security posture, an incident response plan and a designated CISO have been shown to greatly reduce their data breach costs.[iv]
Understanding Your Risk Profile
Understanding what makes your organisation attractive as a target is half the battle to effectively defend against any cyber threat. To this end, it is essential for organisations to consistently and effectively assess their risk profile, including a thorough evaluation of threats, vulnerabilities, and gaps between their existing security posture and best practices. Even the most basic assessments should cover network security architecture; penetration testing; wireless security; and policies, procedures, and standards.
A comprehensive risk profile provides visibility into critical risks and potential breach points by identifying and analysing the effectiveness of security controls and exposing weaknesses. It can also be used to help evaluate your incident response capabilities and to provide management with real-world attack scenarios that simulate actual compromises.
A deep understanding of your risk profile is the edge you need in a world of high and escalating levels of cyber crime and ever more sophisticated cyber criminals, continually evolving and complex security technologies and regulatory mandates, and the additional challenge of larger mobile workforces and increasingly common bring-your-own-device programmes.