In a changing threat landscape, worry comes with the job for CIOs and CISOs. Keeping the organisation secure when vulnerabilities and threats are commonplace is difficult, particularly when it must also remain compliant while technologies and regulations rapidly shift. In a recent expose by The Wall Street Journal, CIOs and CISOs revealed their deepest worries. So what are their top concerns, and how can security teams help to combat them?
CIOs and CISOs have a wealth of data at their disposal – but the sheer volume of that data can present its own issues. Each organisation’s cyber security challenges are unique, so selecting the information that will demonstrate the business’ security stance to the board isn’t easy. As The Wall Street Journal explains, each CIO and CISO faces “an individual quest to find the right metrics” that are relevant to the business.
This can be tackled by tying vulnerability data to the business applications that may be affected. The various stakeholders can then quickly and easily weigh up the options and timing of remediation efforts based on the risk to the business versus the impact of downtime on productivity.
Knowing your allies
Solid cyber defences alone will not protect an organisation, they must also be diligent when working with partners, ensuring they also handle their security with care. As we know suppliers, partners and subcontractors can also provide cyber criminals with a way in to an organisation’s network.
Still, 36% of companies fail to apply the same or higher standards to partners as they apply to their own business. While it’s likely that you trust your business partners, it’s worth remembering that they are as vulnerable to attack as any organisation.
Organisations can take steps to properly secure connections with external partners. Meanwhile, when performing network maintenance or remediation after an intrusion or outage, it’s important to ensure that your IT team has visibility of both the external connections and the relevant technical information in the contract.
Limiting uninvited intruders
As we’ve discussed recently, it is equally important to apply this level of caution to internal access. As technology enables business to become more mobile, organisations’ most precious data becomes more vulnerable to attack. If all employees have access to everything on the network, it is more likely that a cyber-criminal could successfully gain access to sensitive data.
One approach cited by The Wall Street Journal is to employ a policy of zero trust, where users are only given access to the sections of apps or data that are business-critical for that personnel, as opposed to providing all employees with access to everything on the network via a single sign-on. This can be complex to manage, but effective permission management and network segmentation is the best way of keeping internal intruders at bay.
While there are other major concerns for CIOs and CISOs, it’s comforting to know that with the right approach and the right solutions, there are ways to help them sleep soundly. To read the full report in The Wall Street Journal, click here.