Equifax’s disastrous data breach exposed the private data of 143 million Americans, serving as a very public reminder of just how vulnerable companies of all sizes are to cybercrime. With cybersecurity top of mind for the public and the media, businesses are moving fast to shore up weaknesses. This includes hiring Chief Information Security Officers (CISOs), a C-suite position that oversees strategic asset and technology protection.
Chief Information Security Officers have plenty on their plate, with the potential for catastrophic business losses from any given breach. While there are a growing number of high-tech tools available to protect businesses, no company is invulnerable. These are three security challenges keeping your CISO up at night– and what your company can do right now to address these vulnerabilities.
All it takes is one person.
Even at major corporations with millions of dollars worth of cybersecurity defenses in place, all it takes is one mistake by one person to bring the whole business down. If a single employee clicks on a link in a phishing email, hackers can gain access to your entire infrastructure. One crack in the wall can bring down the entire fortress.
Solution: You can’t eliminate human error, but you help employees remain vigilant through comprehensive, cybersecurity training. A single, annual training day is not enough, nor is it sufficient to send a short memo detailing a new vulnerability. Threats evolve rapidly and employees need to be trained accordingly. Consider scheduling quarterly or monthly training refreshers.
Don’t put all your faith in a firewall defense.
I’ve seen too many companies install firewalls and malware software and think those tools are enough to protect them. Yes, these tools are important defenses, but they’re not enough to keep you safe from hackers. Worse, a firewall can lull you into a false sense of security that leaves you open to attack. Again, all it takes is one person to bring down any technological fortifications.
Solution: Organizations need to think holistically about security. A good security plan involves people and processes in addition to technology. Technology won’t be enough unless every one of your employees knows how to use it and there are processes in place to reduce vulnerabilities. This is where having a C-level executive who has broad authority across your organization is critical, who thinks about security full time, and who can create a holistic program to deal with threats.
Watch out for complacency: threats are continuously evolving.
Today’s sophisticated hackers are continuously developing new ways to break through your security defenses. The pace of innovation in cybercrime is truly staggering. Technology that protected your company a year ago will not necessarily protect you in the future, and it’s not enough to simply respond to threats as they arise. By the time you patch a vulnerability that you read about online, criminals are already developing a new means of attack.
Solution: Again, the continuously changing nature of cybercrime demands that companies have someone on their payrolls who thinks about security full time. That person needs to be completely comfortable with your current security tools and platforms, and continuously seeking to learn about new tools as they develop. Many of the companies I work with are empowering their security organization with talent and infrastructure in mind throughout their entire development lifecycle.
With all the recent headlines in this area, CISOs are definitely feeling the heat these days. But with the right technology, training and processes, it is possible to protect your business.
What changes have you made to your cybersecurity after the Equifax breach? I’d love to hear what you’ve done in the comments below.
Leave a Reply
You must be logged in to post a comment.