CIOREVIEW >> Cyber Security >>

3 things CIOs and CISOs Need to Know to Keep their Company Secure

Malcolm Harkins, Chief Security and Trust Officer, Cylance

Have CIOs and CISOs gotten complacent? I think they have.

Nearly half of IT security professionals say they think their security is good enough—but it probably isn’t. Have they really achieved an optimal risk point? I doubt it. Security measures usually don’t get better until a serious hack takes place—and those are happening more and more often these days. Rather than merely responding or detecting threats, security leaders need to take a proactive, preventative approach to security.

So what can these CIOs and CISOs do to ensure that they are keeping their companies and their intellectual property as safe as possible?

1. Stay on Top of the Trends.

It’s critical for every security leader to stay up on the current news and events. You need to look no further than earlier in the year when multiple hospitals were hit by ransom ware attacks to understand why it’s important to stay in the know. If people are upset about or recognize a vulnerability in something that touches your business, they could potentially target you.

  ​Security measures usually don’t get better until a serious hack takes place—and those are happening more and more often these days  

For example, perhaps hacktivists want to bring awareness to animal rights and they think your company is violating these. Their goal may not be to shut down your business, but instead to compromise the integrity of your company’s food safety data. The goal of the attack would depend on the industry you’re in, but any company is vulnerable to an attack like this. If someone could manipulate your data, it could be potentially harmful not only to your company but also to your customers.

2. Look to the Future and See the Potential Risk to Society.

For the past few years, society’s well-being has become more and more enmeshed into technology. As technology becomes ever-more connected to everything in our lives, you need to go beyond looking at the risks just in your enterprise. Most of the time security issues are only thought of as a risk to the business or a risk to the customers. But with this shift, companies need to think about the potential risk to society, such as where you’re positioned in the global security scene and how you could potentially create a societal risk.

If you can view security issues as a function of corporate social responsibility, then you could avoid a potential catastrophic issue for society. For example, back in the early 1980s, several people died by taking Tylenol that had been laced with cyanide. Compromising the integrity of a product used to be a lot harder, requiring physical access. With the easy access to technology that we have now, it’s not hard to imagine something that is a logical equivalent happening with data manipulation.

If you can think out far enough, you’ll make better decisions. Many companies are monitoring their energy and water usage as part of their role as global citizens, knowing that it also gives them better operational efficiency. If companies can view their security not only in financial or operational terms, but also in the big picture of being a part of a global community, then you will change the choices that you make and the controls you put in place.

3. Become a Privacy Specialist, not just Security Specialist

Privacy issues have long fallen in a veritable Bermuda triangle for companies, as many have wondered if privacy is more of a concern for legal, compliance or security reasons. The truth is that it should be a concern for each of these groups. But privacy concerns go beyond managing liability. You need to make privacy a risk discipline that goes in conjunction with security. If your company or building gets hacked, this affects not just the security of your business, but the privacy of your employees and customers.

Structure drives behavior and you get what you measure. You won’t improve your privacy measures unless you’re tracking them. So you need to figure out how you will prioritize privacy concerns and how you will avoid compliance issues. These different departments aren’t all going to approach privacy differently, but if you link privacy concerns back to the mission and vision of the company, you will get a set of principles and a cultural cohesion—rather than just getting by.

Keeping your company secure is no small task. By approaching security proactively and viewing your security practices in a comprehensive and societal context, you will be able to more successfully keep your company secure, your customers safe and society protected from attackers.

Read Also

The Intelligent Legal Department

The Intelligent Legal Department

Mick Sheehy, Partner, PwC NewLaw
Data Protection Trends - GDPR as a forthcoming global privacy benchmark

Data Protection Trends - GDPR as a forthcoming global privacy benchmark

Jiri Cerny, Legal & Corporate Affairs Director, Microsoft
Technology as a Tool to Aid the Legal Function

Technology as a Tool to Aid the Legal Function

Surabhi Madan, Senior Global Legal Counsel, ASM Front-End Mfg (S) Pte Ltd
Building On Your Legal Tech Journey

Building On Your Legal Tech Journey

Neil Blum, National IT Manager, Barry.Nilsson
Enhancing Productivity of Lawyers with Technology

Enhancing Productivity of Lawyers with Technology

Vimaljit Kaur, Senior Legal Counsel, Sembcorp Industries