Who’s responsible for enterprise cybersecurity? Historically, CIOs and CTOs were the ones tasked with protecting network resources and ensuring companies were as prepared as possible for a data breach. The evolving information security landscape, however, demands organizational change: C-suite executives are increasingly held responsible for any holes poked in IT security.
According to SC Magazine, that’s just the beginning: Companies must bring application developers in on the ground floor of security discussions to develop consistent practices and “align security priorities” across the enterprise. But what does this kind of team effort look like?
No Safe Seats in a Data Breach
According to the International Association of Privacy Professionals (IAPP), cybersecurity has just recently worked its way into boardroom discussions. In large part, the louder volume of InfoSec conversations stems from high-profile data breaches, which in turn led to serious lawsuits.
For example, Target is facing a shareholder lawsuit alleging that the company failed “to maintain proper internal controls” and misled affected customers about the scope of the data breach. Wyndham, meanwhile, is under fire for supposedly failing “to take reasonable steps to maintain their customers’ personal and financial information in a secure manner.”
Beyond the possible monetary and reputational loss, there is the prospect of suddenly vacant boardroom seats. As noted by SecurityWeek, a recent survey found that despite the pressure faced by CISOs to secure corporate infrastructure, CEOs top the list of responsible parties because cybersecurity is now viewed as a “broader business issue.” It’s imperative, therefore, that boardrooms provide time and space for cybersecurity discussions before a data breach occurs.
From the Ground Up
Given the shifting nature of security threats, it’s critical for boards to get more involved and understand the scope — and limitations — of InfoSec efforts. In fact, “70 percent of execs want more oversight and participation from board members, chairpersons and CEOs for data breach preparedness,” SC Magazine stated.
While this is a welcome change, involving the boardroom only covers the last leg of the IT security race. To ensure consistent protection from code to commercial production, companies must also involve those on the front lines: application developers.
The SC Magazine article likened the process to building a house. While C-suite executives draft a blueprint of company strategy and long-term goals, turning paper plans into reality demands the expertise of highly skilled contractors — in this case, app developers. While CISOs, CTOs and CIOs help design policies and processes that ensure apps aren’t misused by employees and campaign for sufficient resources to address existing and upcoming security concerns, bringing devs into the process lets companies address problems at the code level.
Think of it like this: While it’s possible to go back and move walls or correct serious gaps in an HVAC system after a home is built, it’s much easier (and cheaper) to catch these problems during the construction process. Bringing devs on board helps ensure a secure build from the first line of code, meaning C-suites can focus on outside threats rather than inside issues.
Want better data breach preparation? Opt for a team effort: CIOs, CEOs, IT pros and application developers must communicate to control security risk.