Cyber threats and attacks show no signs of slowing down. In fact, they continue to increase in both frequency and complexity. One reason for this continued rise is that these threats are no longer limited to using computers as a beachhead. Attackers are now also looking to areas like video surveillance platforms and the ever-growing number of IoT or network-connected devices.
Today, CIOs essentially have three options when it comes to how they approach cybersecurity or cyber risk management for the organizations they are challenged to protect. Some options are clearly better than others and it’s critical that CIOs keep the state of cybersecurity described above front of mind when considering which path they should take.
Option 1 – Be an Ostrich
The first option can be thought of as the “ostrich” option, that is, sticking one’s head in the sand and hoping an attack “won’t happen here” (at least not before I move on or retire). This is never a good choice for any CIO, but especially so for those who are younger and hope to build a progressively more rewarding career.
There are “those who have been hacked” and “those that are going to be hacked,” as the experts say. Cybercrime is here to stay, and it’s now a matter of when, not if, an organization will be attacked.
Option 2 – Abdicate Risk and Responsibility
Often in parallel with the ostrich option, CIOs may attempt to push their risk burdens onto their organization’s insurers. This is a similar, and still poorly placed, bet: that if a breach does occur, it hopefully won’t exceed the limits of liability and related financial thresholds.
Here again, hope is not an effective strategy. Insurance premiums of this type often exceed the cost of proper preventive measures and won’t come close to covering the devastation of a major breach. Risking your brand’s reputation and the tangible costs associated with a breach is not worth it.
Option 3 – Practice Proactive Protection
The best path a CIO can take to manage cyber risk is to be definitively proactive in protecting their organization by “going on offense” and then rigidly maintaining that posture. Externally, this takes the form of hardening the perimeter (including IoT devices like cameras and phones) and fortifying their servers. This is accomplished with proactive tools, systems, and software that use AI and automation to continuously seek out threats and adapt to changing conditions.
Internally, CIOs can deploy processes for managing passwords, traffic, email, login authenticity, physical access and databases to further mitigate malware and intrusions. Insiders are the single biggest cause of breaches at most companies. Whether they’re acting deliberately or unknowingly, it only takes one careless person to cause a multi-million-dollar problem and sustained intangible negative impacts on a company.
Make the Smart Choice
CIOs have faced an increasingly challenging task in managing cyber risk in their organizations. Thankfully, there are tools and solutions that are now making it easier for them to put proactive protections in place: protections that enable them to secure the edge, firewall the interior, protect both inbound and outbound traffic, and detect threats early.
The state of cyber threats today requires that CIOs establish and maintain readiness and vigilance. Those who don’t are vulnerable to letting today’s “Internet of Things” become tomorrow’s “Internet of Trouble”.