As Christmas fast approaches, CISOs and cyber security experts around the world are busy putting plans in place for 2019 and reflecting on what could have been done differently this year.
The introduction of the General Data Protection Regulation (GDPR) and the numerous high profile breaches demonstrated that organizations should no longer focus on security strategies, which protect the organization’s network, but instead focus on Information Assurance (IA) which protects an organization’s data. After all – if an organization’s data is breached, not only will it face huge fallouts of reputational damage, hits to the organization’s bottom line and future prospecting difficulties, but it will also be held accountable to regulatory fines. Stolen or compromised data is an enormous risk to an organization.
So, with the festivities upon us and many longing to see gifts under the tree, CISOs may be thinking about what they want for Christmas this year to make sure their organization is kept secure into the new year and beyond. So, CISOs – what can Santa bring you this year?
1. Backing from the Board
There’s no escaping from the fact that cyber security must become a Board-level priority. However, whilst the correct security mindset must start at the top, it also needs to be embedded across all practices within an organization; extending beyond the security team to legal, finance and even marketing. The responsibility of securing the entirety of the organization’s data sits with the CISO, but the catastrophic risks of a cybersecurity failure means that it must be given consideration by the entire Board and become a top priority in meeting business objectives. Quite simply, a Board that acknowledges the importance of having a robust, innovative and comprehensive strategy in place is a CISO’s dream come true.
2. A simple approach
A complicated security strategy is the last thing any CISO wants to manage. The industry has over-complicated network security for too long and has fundamentally failed. As organizations have layered technology on top of technology, not only has the technology stack itself become complex, but the amount of resources and operational overhead needed to manage it has contributed to mounting costs. A much more simple approach is needed, which involves starting with a security overlay that will cover the networks, independent of the infrastructure, rather than taking the narrow approach of building the strategy around the infrastructure. From a data security perspective, the network must become irrelevant, and with this flows a natural simplicity in approach.
3. A future proof solution
The cyber landscape is constantly evolving; with new threats introduced and technology appearing that just adds to the sophisticated tools that hackers have at their disposal. What a CISO longs for is a solution that keeps the organization’s data secure, irrespective of new users or applications added, and regardless of location or device. By adopting a software-defined approach to data security, which centrally enforces capabilities such as software-defined application access control, data-in-motion privacy, cryptographic segmentation and a software-defined perimeter, CISOs can ensure that data is protected in its entirety on its journey across whatever network it goes across, while hackers are restricted from moving laterally across the network once a breach has occurred. Furthermore, the solution can protect an organization’s data not only in its present state, but into the future. By enforcing a solution that is software-defined, a CISO can centrally orchestrate the security policy without impacting network performance, and changes can be made to the policy without pausing the protection in place.
Three simple wishes
High-profile data breaches won’t go away any time soon, so it is the organizations that have the correct mindset, with Board-level buy-in and a unified approach to securing data that will see the long-term advantages. Complicated, static and siloed approaches to securing an organization’s data should be a thing of the past. But, the good news is that everything on a CISOs Christmas wish list is attainable (although not able to be wrapped), and should appear underneath the tree.
What do you wish for this year? Add our solutions to your Christmas list and find out more about them.