Several high-profile data breach cases from last year have put security front-and-center for many CIOs and IT professionals I work with on a daily basis. It's also the one area CIOs tend to lose the most sleep over.
While no organization can be completely protected, strategies can be put in motion to significantly reduce the potential of a data breach -- or at least minimize the impact when a breach does occur. Here are four ways CIOs can prepare to handle security threats in the next 12 months and beyond.
1. Get a Handle on Endpoint Devices.
BYOD is mainstream. The number of connected Internet of Things (IoT) devices in use is expected to surge beginning early this year. It's key that your IT organization is able to actively identify, monitor, and control any device that attempts to access corporate resources.
Adding in technologies such as identity and access management should be at the forefront of most CIO to-do lists this year. Visibility out to the edge is no longer a nice-to-have capability, it's an absolute necessity.
2. Data Extortion: What's your plan?
According to research from TrendMicro, data theft for the purpose of extortion is likely to be on the rise. In such situations, time is not on your side.
Work with your counterparts in information security, governance and compliance, HR, and legal to develop plans of action that specifically address different types of extortion scenarios. Consult with law enforcement groups and security experts to make sure you're covering all your bases and minimizing your risk as much as possible.
3. Social Engineering Training
It may seem absurd that in 2016, CIOs still must train employees against social engineering attempts. But social engineering attacks are growing increasingly sophisticated and can fool even the savviest of employees.
Younger employees may be your greatest risk, as they're already accustomed to different views about personal privacy, leading them to expose your organization by openly sharing on social media all manner of details about their professional lives and the places they work. Such information can be easily mined to form a tailor-made spear-phishing email that will gain the trust of an employee. Once that's done, it's game over.
Don't wait to start training your employees in how to avoid becoming a victim of social engineering.
4. Hire a Data Protection Officer.
If 2015 taught us anything in the world of data security, it's that it can't be quarterbacked by the CIO alone. In 2016, one of the fastest growing IT security management roles is likely to be that of a Data Protection Officer (DPO).
The role is a regulatory requirement for enterprise organizations in some parts of the world. A DPO is responsible for the legal and technical details behind your data security strategy. From there, the guidance can percolate up to the CIO and be put into action throughout the organization.
Security challenges facing CIOs will continue to escalate because the payoffs are high for perpetrators, and risks are relatively low. Until something changes to level the playing field, CIOs are going to have to do whatever they can to turn their organizations -- and their data -- into less appealing targets for the bad guys.