Security challenges facing CIOs will continue to escalate because the payoffs are high for perpetrators, and risks are relatively low. Here are four tips to help turn your organization -- and your data -- into less appealing targets for the bad guys.
While no organization can be completely protected, strategies can be put in motion to significantly reduce the potential of a data breach -- or at least minimize the impact when a breach does occur. Here are four ways CIOs can prepare to handle security threats in the next 12 months and beyond.
1. Get a Handle on Endpoint Devices.
BYOD is mainstream. The number of connected Internet of Things (IoT) devices in use is expected to surge beginning early this year. It's key that your IT organization is able to actively identify, monitor, and control any device that attempts to access corporate resources.
Adding in technologies such as identity and access management should be at the forefront of most CIO to-do lists this year. Visibility out to the edge is no longer a nice-to-have capability, it's an absolute necessity.
Work with your counterparts in information security, governance and compliance, HR, and legal to develop plans of action that specifically address different types of extortion scenarios. Consult with law enforcement groups and security experts to make sure you're covering all your bases and minimizing your risk as much as possible.
3. Social Engineering Training
It may seem absurd that in 2016, CIOs still must train employees against social engineering attempts. But social engineering attacks are growing increasingly sophisticated and can fool even the savviest of employees.
Younger employees may be your greatest risk, as they're already accustomed to different views about personal privacy, leading them to expose your organization by openly sharing on social media all manner of details about their professional lives and the places they work. Such information can be easily mined to form a tailor-made spear-phishing email that will gain the trust of an employee. Once that's done, it's game over.
Don't wait to start training your employees in how to avoid becoming a victim of social engineering.
4. Hire a Data Protection Officer.
If 2015 taught us anything in the world of data security, it's that it can't be quarterbacked by the CIO alone. In 2016, one of the fastest growing IT security management roles is likely to that of a Data Protection Officer (DPO).
The role is a regulatory requirement for enterprise organizations in some parts of the world. A DPO is responsible for the legal and technical details behind your data security strategy. From there, the guidance can percolate up to the CIO and be put into action throughout the organization.
Security challenges facing CIOs will continue to escalate because the payoffs are high for perpetrators, and risks are relatively low. Until something changes to level the playing field, CIOs are going to have to do whatever they can to turn their organizations -- and their data -- into less appealing targets for the bad guys.
**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.
Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.