Bringing security back to the top of the boardroom agenda

 

Data breaches are making the news headlines every day. Yet despite businesses efforts to counter their imminent threat to the business by spending more on security infrastructure than ever before.

The frequency and costs of data breaches is only going one way – rapidly up. A study from the Ponemon Institute shows the average costs to businesses from a breach is now $4 million, a 29% increase since 2013.

As a result, businesses are finding themselves in a constant battle to keep organisations safe from attempted breaches, whilst at the same time not restricting business or employee growth.

The fear of a breach is certainly present, but it seems some business leaders are still underestimating just how much of a target they are.

At the heart of the problem sits the conundrum that security is not high enough on the corporate agenda to get the board’s interest.

This is symptomatic of the wider ‘disconnect’ between senior management and IT decision makers (ITDMs) which is emerging within organisations, both in relation to security and also other aspects of their IT strategy.

Many aren’t clear who is responsible for security, as evidenced by a recent VMware survey, which found that 30% of IT leaders feel the CEO should be held accountable for a significant data breach. This is despite a quarter of them admitting that they are not disclosing data breaches to their senior management team.

>See also: How secure is your boardroom data?

This disconnect is also affecting interactions between the IT department and the wider business when it comes to data security, and presents vast risks to business.

As well as data and monetary loss, a business’ reputation can be severely damaged by a significant and high-profile breach, which is often very difficult to recover from. More needs to be done in terms of education as well as practical changes to IT infrastructure, to ensure businesses are prepared for any scenario.

A balancing act

It’s hard to miss the number of high profile security breaches that have occurred across the world in the last few years.

Although security may be on the mind of business leaders, is it embedded into the culture of the business itself? Does it ‘fit’ with the rest of the business?

This is something to consider now that the days of security as an add-on function are behind us. Instead, senior management need to instil the importance of security as a priority for all employees and ensure everyone has the right training and is guided in the correct processes.

As well as providing a cultural balance, business leaders need to ensure they have the infrastructure in place to promote mobile working.

In 2014, the number of mobile users globally surpassed desktop users, supporting a rising trend of employees working on the move. The traditional 9-5 job is no longer relevant and we are starting to reach a boundary-less workplace.

>See also: Placing cyber security at the top of the boardroom agenda

This poses certain security issues. If businesses are going to allow their employees to work remotely, they need to be able to do so safely, without compromising businesses’ data. With increasingly more diverse access to ‘private’ data, for example from mobile devices, laptops and fitness trackers, the risk of your organisation being targeted by a hacker is much greater.

The survey also found that 22% of employees across EMEA would risk being in breach of security policies in order to carry out their job effectively.

However, would this number be lower if organisations were stricter with internal behaviour training around security?

Security should be considered from the inside out, rather than the inside in, which is the traditional view. Taking an end to end approach to security will ensure business protection and give employees the tools they need to work securely on the go.

A new approach

The era of the digital business and the rise of sophisticated security threats, demands a new approach to protect business reputation and customer trust.

Security needs to be part of the design from the start and not bolted on afterwards. Too often security and compliance are an afterthought, once solutions have already been built and the projects have started.

Security needs to be part of the foundations of IT. Building it into the core platform throughout your business allows for much faster transactions to market, as fewer things need to be altered when moving from development, to testing and finally to production.

Having a software-defined architecture for security, built into the fabric of the IT infrastructure from the data centre to the device, is needed to embrace security in every phase of IT from the outset.

>See also: How to overcome the top boardroom cloud sticking points

As data becomes more valuable, the higher the risk of an attack is on a business.

The rise of the hacker is not slowing and breaches will continue to happen as hackers become more sophisticated. Businesses need to understand the severity of consequences if a data breach occurs.

With loss of customer data, fines and reputation all at risk, embedding security into the heart of your IT and correctly educating your employees, will put you in a strong position to protect your organisation from an attack.

 

Sourced by Jeremy van Doorn, director, EMEA network & security division, VMware

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...