By Russell Stalters
WHERE WORLDS COLLIDE: Why cybersecurity pros should care about governance
Cybersecurity is a strategic priority for most organizations. With recent high-profile breach incidents, including Home Depot, Target, and Sony, many companies are asking themselves, “Will I be next?” The answer is “yes,” based on the number of widespread and increasingly advanced attacks. Some of these data breaches result not only from internal malicious acts but also from unintentional mistakes by employees. Ultimately, the chief information security officer (CISO) needs to understand the information footprint across systems, determine the value/risk of loss, and protect against cyberattacks by deploying control activities that are commensurate with the value/risk of these information systems.
For the last several years, CISOs have focused almost exclusively on protecting the perimeter (even going as far as to use endpoint protection). If most agree that they will likely experience a data breach, then this attention to the perimeter addresses only a portion of the risk. We’ve all heard for years that information technology (IT) and cybersecurity require people, process, and technology; however, over the years, “people” and “process” have not received the same attention as “technology.” Cybersecurity in many organizations has been regarded as a technical problem, handled by technical people and buried in IT.
With the widespread use of mobile computing and the explosive growth of Internet of Things (IoT) devices (growing from 6.4 billion connected devices to over 50 billion by 2020), a focus on people and process must move up in prominence to mount a coordinated defense and, eventually, an offense. Employees are still to blame for many cyber incidents. Poor security awareness continues to be the greatest inhibitor to defending against cyber threats, followed closely by the massive volumes of data that IT security teams must analyze and protect. Cybersecurity professionals need to understand the information risks their organization faces and how to leverage information governance, along with technology, to get the biggest bang for their buck.