What Do Executives Need to Know About Cybersecurity?
As a leader in your IT organization, you understand that cybersecurity is an issue that increasingly makes its way up to the C-suite. But how do you answer their most pressing questions? How do you present solutions that strike the balance between security and operations?
How do you make the most compelling case for more resources to protect your enterprise? With the costs of just one data breach running in the tens of thousands or even hundreds of thousands of dollars, the stakes are high. And as more and more data moves outside of your organization through mobile working and the sharing of information, helping your Board of Directors to understand the risks involved is imperative.
Looking at topics from the need to educate employees to how to manage technology sprawl, our research breaks through some common myths of building an IT security plan. This data can help you to address some commonly held misconceptions and to focus on the high-value points that will make the best case to your Board of Directors for greater allocation of resources and budget.
Myth #1: Employee education is a nice add-on item.
If only it were that simple. The fact is that the actions of your employees can cause a great deal of harm to your organization. Human beings are still the weakest link in the security chain. Whether it’s intentional or unintentional, employees can leak sensitive data from your organization, leaving your IT department scrambling to mitigate the damage. Many employees have a false sense of security around IT issues, believing that they do not play a role. Helping them to understand the dangers of phishing, spearphishing and social engineering and how they can help to stop those threats will benefit your organization by shoring up an important first line of defense against hackers.
Among enterprise companies, there is an increasing understanding that internal IT departments alone cannot educate employees, which is why they need the support of executives within their organization. And because threats keep evolving, cybersecurity education is an ongoing process.
Myth #2: Security is an internal issue.
Many small companies have the notion that they are too small to be a target for cybercriminals. In fact, in the past year, 69% of all very small businesses under 100 employees have suffered an attack. Since many of these small businesses are vendors to larger organizations, they often unwittingly act as a portal through which cybercriminals can get to larger enterprises who have the really valuable data. In short, no size organization is immune from cyber attacks.
With greater awareness of widespread and high profile security incidents, expectations are higher than ever that partners and vendors will provide a secure environment for transactions. The fact is that many companies are not keeping up with these expectations.
And as more and more organizations report security incidents in which their partners were implicated, it’s clear that third-party vulnerability is not only an emerging concern but also a possible cost. If you are a third-party vendor that can demonstrate strong capabilities in this area, it will be a compelling selling point when negotiating contracts. More important, it will save your company the mitigation, disaster recovery costs and reputational damage that can do much greater long-term damage.
Myth #3: Endpoint protection is a set point on the IT landscape.
With the average information worker using three devices, securing all of your endpoints is becoming a greater challenge that encompasses desktops, servers, and mobile devices at the minimum. Add to this the fact that more and more data is moving outside of your organization every day, and you have the challenge of trying to fit together the many moving parts of information security into one viable solution.
So, how do you tackle cybersecurity challenges when so many of your endpoints are moving outside your perimeter? More important, how do you communicate to executives that this is a facet of cybersecurity that affects every corner of your organization?
Start with planning for complexity. Knowing that your organization will be adding people and devices over the next year, all C-level executives should understand that a truly effective cybersecurity platform is one that includes plans for growth and leaves room for flexibility. With 52% of businesses saying that the careless actions of employees are their biggest IT security weakness, securing your organization beyond the desktop and server is an essential component of any enterprise security budget.
Myth #4: One attack cannot bring down a whole system.
All it takes is one weak point. That’s all cybercriminals are looking for in order to gain access to your organization’s most sensitive data.
Sophisticated threats are constantly emerging, and cybercriminals are developing more innovative techniques to circumvent security technologies. Some of the most insidious of these attacks are advanced persistent threats (APTs), which comprise 1% of the threat landscape but which are among the most dangerous threats to any enterprise organization.
The rise in targeted attacks in the past year is particularly sharp amongst enterprises and businesses in the financial services and industrial sectors. In order to combat APTs, your IT department must engage all of the solutions at its disposal to defend against this growing threat.
At the heart of this defense is building a strong data center to support your vital business processes. When a single network worm can take your whole system offline, you need a data center that combines the best security to defend against the most serious threats with the flexibility to meet the performance needs of your organization. With a planned solution that eliminates all the identifiable gaps, you can stay ahead of the most advanced and persistent threats that comprise the greatest threats to your organization.
Myth #5: You can protect your virtual infrastructure with existing, traditional security software.
When rolling out a virtual infrastructure, the issues can be highly complex and difficult to grasp. In fact, only one-third of organizations possess strong knowledge of each solution available to them for securing a virtual environment.
Why all the confusion?
It all stems from a misconception about what kind of technology is appropriate for a virtual environment. Multiple devices and multiple applications can leave systems open to vulnerability, while also adding complexity that traditional security solutions were not designed to deal with. Add to that the growing amount of data stored on virtual servers, as well as virtual-specific malware, and you have a whole new landscape of threats.
By implementing a virtual security solution, such as Kaspersky Security for Virtualization (KSV), your business can address those threats with technology that supports the unique needs that your virtual infrastructure requires.
With the costs of a virtual data breach running double the costs of a data breach in a traditional environment, it’s clear that a traditional approach to virtualization security is a risky proposition that most enterprises should not be taking.
An article by Kaspersky Lab