An article over at Security Intelligence discusses the 5 actions every CEO should take to increase security. These security actions apply whether you are a 5-person company or a multi-national corporation.
1. Increase the Security IQ of Every Employee
Ensuring a culture of security throughout the organization is essential and should cover every employee, whatever their role, and extend to business partners. Train them, test them on their level of awareness and follow up with phishing exercises to see how well they actually respond to threats.
2. Prepare to Respond Faster
Always assume a breach has occurred or will occur. Being unaware of a breach does not mean one hasn’t taken place. Today’s attackers are skilled and crafty. They will use any means available to get past defenses, so prevention alone is not enough. All organizations need to prepare to respond as quickly as possible. Plan, practice and make sure the right security tools are in place.
3. Safeguard BYOD
There is no turning back the tide with BYOD. IBM is fully aware of this and has enthusiastically embraced BYOD. However, there must be safeguards in place. In a recent study, nearly half of organizations reported that security incidents related to the use of mobile devices have cost their organization in excess of $250,000 to remediate. For every CEO, any security incident related to the use of mobile devices should be a serious concern. Technology solutions need to be backed up with effective governance, policies and workforce education.
4. Protect Your Assets
As stated in the 2013 report from the Commission on the Theft of American Intellectual Property, around 70 percent of the value of publicly traded corporations is estimated to be intellectual property. Protecting such valuable information needs to be a priority for any CEO as it requires both technology and considerable effort in identifying, classifying, protecting and prioritizing assets according to risk.
5. Leverage Security Intelligence
Given the number of threats every organization faces, manually sifting through data related to millions of events in a large enterprise network is a thankless task. Security is a big data problem. Applying big data analytics capabilities makes the task much easier, enabling organizations to sift through and analyze reams of data to gain actionable insight into what it actually means to the organization’s security posture. This way, more meaningful remediation decisions can be made.