March 24, 2017 By Scott Koegler 3 min read

Creating a defensive and protective strategy is one of the core responsibilities for a security leader, but this is a tall order for any professional. That’s because security measures need to evolve as threats change over time. A static strategy simply isn’t good enough for a modern enterprise in today’s security landscape.

Five Issues to Drive Your Security Strategy

Forming a plan that can adapt with the times means focusing on a few core concepts. These five issues should be at the heart of your security strategy:

1. IoT Connections and Devices

The growth in IoT devices is making remote operations more convenient for businesses by sending status information derived from sensors, so it’s easier to make decisions about maintenance and evaluate the condition of the connected device. But many early stage IoT projects have been created without detailed attention to security concerns, leaving them vulnerable to intrusion.

Once the device has been compromised, it’s possible for an attacker to take any number of actions, including manipulating the device, sabotaging its data feed or potentially injecting malware into the network. IoT projects need to be closely monitored and evaluated for their compliance with security protocols.

2. Dealing With Big Data

Businesses are accumulating raw data at increasing rates. Some of that data is used for ongoing operations and processed through analytics engines to provide insights into the business’ successes and shortcomings.

Different sets of data may be combined in ways not initially intended and used to draw conclusions or make predictions to direct future plans. When the data is used for planning, it’s important to control access to the raw data and anonymize results. Data snoopers are experts at combining information from multiple sources to develop a complete record that can be used or sold.

3. Overall Connectivity

Mobile devices and cloud-based services are expanding the opportunities for enterprises to maximize their assets and increase the productivity of their employees. As companies transform their operations digitally, the number and types of connections increase the complexity of their networks. This results in more access points through which unauthorized access can be gained. Security professionals need to monitor and exert the appropriate amount of control over connections and systems.

4. Global Governmental Regulations

Security is a top priority for governments as they strive to protect their citizens. But different governmental bodies have varied agendas and viewpoints, which leads to overlapping — and possibly conflicting — rules. International consequences can become issues even for companies that don’t explicitly do business outside the U.S.

The European Court of Justice’s rejection of privacy rules involving the “Safe Harbor” shield have caused companies to reconsider their data storage policies. CISOs must be aware of the shifts in regulation and how they can affect operations, and then take precautions to abide by the multitude of rules in which their organizations operate.

5. Unfilled CISO Positions

The cybersecurity landscape is in constant flux, and enterprises rely on their top-ranking security officers to maintain the company’s systems and protect it from attack and theft. Well-qualified CISOs are in demand, but those applying for open positions may not possess adequate skills. TechTarget reported that “fewer than 25 percent of cybersecurity applicants are qualified to perform the skills needed for the job.”

Training and certification can help to bring existing staff up to speed and maintain the protection the enterprise needs. But these initiatives should be part of overall operations; the enterprise needs to place finding a person with the right skills and attitude at the top of their hiring priority list.

As the digital world becomes more complex and rates of change increase, enterprises need to constantly review their approach to security and look for gaps in coverage. The attitude with which they approach security is as important as the specific actions they take to secure their business for the short and long term.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today