As Christmas fast approaches, CISOs and cyber security experts around the world are busy putting plans in place for 2019 and reflecting on what could have been done differently this year. The high-profile data breaches have been no secret, from British Airways to Dixons Carphone to Ticketmaster, and the introduction of GDPR in May 2018 sent many IT professionals into a frenzy to ensure practices and procedures were in place to become compliant with the new regulation.
What the introduction of GDPR did demonstrate was that organisations should no longer focus on security strategies that protect the organisation's network, but instead focus on Information Assurance (IA), which protects an organisation's data. After all, if an organisation's data is breached, not only will it face huge fallouts of reputational damage, hits to the organisation's bottom line and future prospecting difficulties, but it will also be held accountable to regulatory fines of up to as much as €20 million, or 4% of annual global turnover, under GDPR. Stolen or compromised data is therefore an enormous risk to an organisation.
So, with the festivities upon us and many longing to see gifts under the tree, CISOs may be thinking about what they want for Christmas this year to make sure their organisation is kept secure into the new year and beyond. Paul German, CEO, Certes Networks, outlines three things that should be at the top of the list.
Backing from the Board.
Every CISO wants buy-in from the Board, and there's no escaping from the fact that cyber security must become a Board-level priority. However, whilst the correct security mindset must start at the top, in reality it also needs to be embedded across all practices within an organisation, extending beyond the security team to legal, finance and even marketing. The responsibility of securing the entirety of the organisation's data sits with the CISO, but the catastrophic risks of a cybersecurity failure mean that it must be given consideration by the entire Board and become a top priority in meeting business objectives. Quite simply, a Board that acknowledges the importance of having a robust, innovative and comprehensive strategy in place is a CISO's dream come true.
A simple approach.
A complicated security strategy is the last thing any CISO wants to manage. The industry has over-complicated network security for too long and has fundamentally failed. As organisations have layered technology on top of...