March 24, 2017 By Scott Koegler

Creating a defensive and protective strategy is one of the core responsibilities for a security leader, but this is a tall order for any professional. That’s because security measures need to evolve as threats change over time. A static strategy simply isn’t good enough for a modern enterprise in today’s security landscape.

Five Issues to Drive Your Security Strategy

Forming a plan that can adapt with the times means focusing on a few core concepts. These five issues should be at the heart of your security strategy:

1. IoT Connections and Devices

The growth in IoT devices is making remote operations more convenient for businesses by sending status information derived from sensors, so it’s easier to make decisions about maintenance and evaluate the condition of the connected device. But many early-stage IoT projects have been created without detailed attention to security concerns, leaving them vulnerable to intrusion.

Once the device has been compromised, it’s possible for an attacker to take any number of actions, including manipulating the device, sabotaging its data feed or potentially injecting malware into the network. IoT projects need to be closely monitored and evaluated for their compliance with security protocols.

2. Dealing With Big Data

Businesses are accumulating raw data at increasing rates. Some of that data is used for ongoing operations and processed through analytics engines to provide insights into the business’ successes and shortcomings.

Different sets of data may be combined in ways not initially intended and used to draw conclusions or make predictions to direct future plans. When the data is used for planning, it’s important to control access to the raw data and anonymize results. Data snoopers are experts at combining information from multiple sources to develop a complete record that can be used or sold.

3. Overall Connectivity

Mobile devices and cloud-based services are expanding the opportunities for enterprises to maximize their assets and increase the productivity of their employees. As companies transform their operations digitally, the number and types of connections increase the complexity of their networks. This results in more access points through which unauthorized access can be gained. Security professionals need to monitor and exert the appropriate amount of control over connections and systems.

4. Global Governmental Regulations

Security is a top priority for governments as they strive to protect their citizens. But different governmental bodies have varied agendas and viewpoints, which leads to overlapping — and possibly conflicting — rules. International consequences can become issues even for companies that don’t explicitly do business outside the U.S.

The European Court of Justice’s rejection of privacy rules involving the “Safe Harbor” shield has caused companies to reconsider their data storage policies. CISOs must be aware of the shifts in regulation and how they can affect operations, and then take precautions to abide by the multitude of rules under which their organizations operate.

5. Unfilled CISO Positions

The cybersecurity landscape is in constant flux, and enterprises rely on their top-ranking security officers to maintain the company’s systems and protect it from attack and theft. Well-qualified CISOs are in demand, but those applying for open positions may not possess adequate skills. TechTarget reported that “fewer than 25 percent of cybersecurity applicants are qualified to perform the skills needed for the job.”

Training and certification can help to bring existing staff up to speed and maintain the protection the enterprise needs. But these initiatives should be part of overall operations; the enterprise needs to place finding a person with the right skills and attitude at the top of its hiring priority list.

As the digital world becomes more complex and rates of change increase, enterprises need to constantly review their approach to security and look for gaps in coverage. The attitude with which they approach security is as important as the specific actions they take to secure their business for the short and long term.
