November 2016 | Page 8 | CIOReview

Surging Need to Strengthen Data Security

By Sam Masiello, Chief Information Security Officer, TeleTech

The threat landscape continues to evolve, seemingly on a minute-by-minute basis. With cyber criminals looking to breach organizations both from the outside in and from the inside out, companies and their employees need to keep raising their game, both in the technical controls used to prevent and detect compromise and in the awareness methods used to ensure that people within the company know what a potential threat looks and acts like. Threats such as Business Email Compromises (BECs), phishing, and ransomware continue to evolve and become more sinister, leaving companies scrambling to figure out how they are going to protect their employees, network, intellectual property, and bank accounts. Given the ongoing success of these threat vectors and the staggering numbers accumulated by these attacks, both in numbers of victims and in monetary losses measured in the billions, they will not be going away anytime soon. It is too large a market for cyber criminals to ignore.

Significance of Cyber Security Awareness among Employees

It is important to maintain a delicate balance between technical controls used to prevent and detect cyber intrusion and carefully targeted awareness campaigns on how intrusions occur within the organization and how those intrusions manifest themselves within various parts of the business. For example, this means ensuring software developers understand the importance of a secure software development lifecycle, educating finance and treasury workers on BECs, and teaching people throughout the organization about the dangers and potential damages that can result from phishing and malware.
Ultimately, everyone wants to do the right thing, and no one wants to be Patient Zero in the story of how a malware infection or a system compromise brought potentially thousands of hours of unproductive time or millions of dollars of fines upon the organization. To that end, however, your employee population needs to know how to identify a threat when it is in front of them and how to react and respond. Strong technical controls on the back end should then support them if they make a mistake, or prevent the threat from ever appearing in front of the employee and giving them the opportunity to make an incorrect decision in the first place.

Understanding Requirements of Reliable Network

One of the most important things to remember is that your network is everywhere. You can no longer focus on the perimeter and believe that you will be protected enough, because your network is borderless. You also cannot focus only on the endpoint, because the company data that you are responsible for protecting also lives out in the cloud. Your network is wherever your employees are. This means that your network is in an office, in a hotel, on an airplane, in a taxi, on a boat, or everywhere in between. This makes the job of the cyber security professional more complex and difficult to control on a daily basis. One of the most important aspects of building a successful cyber security program is to ensure that it can incorporate itself into the business and protect the company's assets while at the same time not introducing too many barriers for the employee population to do their jobs. An approach that does introduce too many barriers can often lead to the opposite of the visibility that the security team needs to be effective in its job.
If the security organization introduces too many obstacles to basic productivity, users will look for and invent workarounds, and the security team may lose visibility into how data is traveling into, out of, and across the network. This makes it nearly impossible for the security team to be effective, yet it is an avoidable situation that the team ultimately brought upon itself. Security and productivity must maintain a balance. Skew too heavily towards one or the other and the results can be disastrous.

IN MY OPINION