Are You Making These Common Cyber Security Mistakes?
Data is an inescapable feature of all corporate life. The amount of data we process and store is growing exponentially. The amount of data we share with others via online communication is increasing from year to year. This is causing corporations to loosen control over their data security, as they need to grant access to their IT systems to outsiders.
As a result of workplace and lifestyle changes, and relentless technological advances, corporations are becoming ever more vulnerable via systems such as cloud computing, remote access, big data, mobile technology and social media.
A quick look at recent news headlines will confirm that cyber attacks are becoming more frequent and virulent, to the point where IT security has become more than just an IT problem and is now a significant and inescapable challenge for the leaders of every corporation.
If, in the past, organizations depended largely on technology to protect the integrity of their IT systems, more and more are waking up to the fact that a more flexible, strategic and proactive approach is required. A good place to begin is making boards, shareholders and managers aware of the most common cyber security mistakes.
A recent “2014 Technology Business Outlook” survey of 100 senior and C-Level executives was undertaken by KPMG LLP. Nearly two-thirds of those surveyed expected their expenditure on IT security to eat up 1 percent to 5 percent of their company’s revenue over the next year. Security is perceived by technology executives as the number one challenge to companies that deploy mobile, social media or Cloud technologies.
So, let’s take a look at some of the common mistakes companies should avoid to ensure their cyber security.
100 Percent Security
Many technology managers believe they must achieve 100 percent security.
100 percent security is neither realistic nor appropriate. All organizations, both private and public, are likely to experience some degree of data theft. Once you grasp that 100% security is not feasible, you can focus on prioritizing – protecting your most valuable assets, as well as improving detection and response mechanisms so you are better able to handle issues as they arise.
Best-of-Class Technical Tools
Many IT managers put their faith in the deployment of best-of-class security tools.
In the final analysis, cyber security is not as dependent on technical solutions as many think.
There are many excellent security products, produced by specialist suppliers, for detecting system intrusion. These solutions should be part of your arsenal for basic security, but you cannot depend on them in place of a robust, holistic security strategy. Yes, integrate them into your system, but also make sure you have a sound cyber security policy in place.
Cyber Security is Not an Arms Race against Hackers
Attackers are constantly evolving new methods and technologies to compromise the integrity of your data, which forces organizations to invest more and more in sophisticated solutions to fend off attacks.
But your cyber policy should be geared towards your goals, not those of hackers. You need in place a risk profile identifying what potential attackers your company may attract, and you should prioritize implement processes, controls and policies on the basis of your risk profile.
Cyber Security Involves More Than Just Monitoring
An ongoing learning strategy is required in addition to effective monitoring.
Of course you need good monitoring systems in place, and adherence to certain policies and laws. But without an understanding of potential external threat developments and trends, and a cyber security policy informed by this understanding, you will be hard pressed to defend against cyber crime in the long run.
There should be continual improvement and learning underpinning your security policy, in order to prioritize and protect your most valuable assets, instead of merely complying with regulations which will only address part of the issue.
Recruiting the Best Professionals is not Sufficient
Cyber security is a frame of mind that should be adopted by the whole organization. Many companies hire a cyber security team and then believe they are ‘protected’ by that specialist team. They have a false sense of security and don’t realize that everybody in the organization has to be aware of and implement the security policy.
Cyber security should be integrated into HR policy. Cyber security should also be built into business processes and initiatives at the planning stage, not retrofitted into controls or IT systems at the end of projects, which is too often the case.
If you want to avoid these common mistakes, your organization will need to develop a customized, strategic and all-embracing cyber security policy, from the top down. This will nurture a responsible, informed cyber security culture for your company.