Creating a defensive and protective strategy is one of the core responsibilities for a security leader, but this is a tall order for any professional. That’s because security measures need to evolve as threats change over time. A static strategy simply isn’t good enough for a modern enterprise in today’s security landscape.
Five Issues to Drive Your Security Strategy
Forming a plan that can adapt with the times means focusing on a few core concepts. These five issues should be at the heart of your security strategy:
1. IoT Connections and Devices
The growth in IoT devices is making remote operations more convenient for businesses by sending status information derived from sensors, so it’s easier to make decisions about maintenance and evaluate the condition of the connected device. But many early stage IoT projects have been created without detailed attention to security concerns, leaving them vulnerable to intrusion.
Once the device has been compromised, it’s possible for an attacker to take any number of actions, including manipulating the device, sabotaging its data feed or potentially injecting malware into the network. IoT projects need to be closely monitored and evaluated for their compliance with security protocols.
2. Dealing With Big Data
Businesses are accumulating raw data at increasing rates. Some of that data is used for ongoing operations and processed through analytics engines to provide insights into the business’ successes and shortcomings.
Different sets of data may be combined in ways not initially intended and used to draw conclusions or make predictions to direct future plans. When the data is used for planning, it’s important to control access to the raw data and anonymize results. Data snoopers are experts at combining information from multiple sources to develop a complete record that can be used or sold.
3. Overall Connectivity
Mobile devices and cloud-based services are expanding the opportunities for enterprises to maximize their assets and increase the productivity of their employees. As companies transform their operations digitally, the number and types of connections increase the complexity of their networks. This results in more access points through which unauthorized access can be gained. Security professionals need to monitor and exert the appropriate amount of control over connections and systems.
4. Global Governmental Regulations
Security is a top priority for governments as they strive to protect their citizens. But different governmental bodies have varied agendas and viewpoints, which leads to overlapping — and possibly conflicting — rules. International consequences can become issues even for companies that don’t explicitly do business outside the U.S.
The European Court of Justice’s rejection of privacy rules involving the “Safe Harbor” shield have caused companies to reconsider their data storage policies. CISOs must be aware of the shifts in regulation and how they can affect operations, and then take precautions to abide by the multitude of rules in which their organizations operate.
5. Unfilled CISO Positions
The cybersecurity landscape is in constant flux, and enterprises rely on their top-ranking security officers to maintain the company’s systems and protect it from attack and theft. Well-qualified CISOs are in demand, but those applying for open positions may not possess adequate skills. TechTarget reported that “fewer than 25 percent of cybersecurity applicants are qualified to perform the skills needed for the job.”
Training and certification can help to bring existing staff up to speed and maintain the protection the enterprise needs. But these initiatives should be part of overall operations; the enterprise needs to place finding a person with the right skills and attitude at the top of their hiring priority list.
As the digital world becomes more complex and rates of change increase, enterprises need to constantly review their approach to security and look for gaps in coverage. The attitude with which they approach security is as important as the specific actions they take to secure their business for the short and long term.
Freelance Writer and Former CIO