Since 2014, CIOs have flagged cybersecurity as either their first or second most important IT management issue in the venerable IT Trends Study from the Society for Information Management. Yet in 2013, cybersecurity came in just seventh in that same survey. What happened in a year? The infamous Target data breach, which resulted in an $18.5 million fine and the ignominious departure of Target’s CEO.
The cascading series of disastrous, high-profile breaches since then makes the Target breach seem almost quaint. The message is clear: Year over year, the risk of career-ending breaches looms larger as threats continue to balloon in number and potency.
Pity the poor CSO in the hotseat. Understandably, some feel compelled to jump on every new threat with a point solution, which plays right into the security software industry’s marketing strategy. But no organization’s cybersecurity budget is infinite. How can CSOs possibly determine how to allocate their defensive resources most effectively?
Learn more about the Switch Network Installers.
The simple answer is twofold: Rationally prioritize risk and, at the same time, make the most of the useful defenses you already have in place. Few dispute that unpatched software and social engineering (including phishing) represent the highest risk in most organizations, followed by password cracking and software misconfiguration. Cut through political and operational barriers to ensuring prompt patching, establish an effective security awareness program, train your ops folks to lock down configurations, and put two-factor authentication in place…and you’ll reduce your overall risk by a magnitude.
Sure, anyone can reel off other big risks and vulnerabilities. If you’re operating an electric utility, for example, you need to understand highly targeted threats to critical infrastructure and how to defend against them. And when malicious hackers do inevitably breach your perimeter, the Zero Trust trend of instituting pervasive authentication among systems shows real promise in stopping attacks from moving laterally through organizations.