By: Tim Kelleher, CenturyLink.
Just over a year ago, retail giant Target was hit by a massive data breach that brought the company to a standstill. More than 40 million debit and credit card numbers were stolen at the height of holiday shopping season, damaging the company’s reputation and putting a spotlight on the importance of IT security. And it’s big. The industry analysts at The Ponemon Group estimate average businesses lose $3.5 million per security threat.
Data breaches are costly, yet many businesses lack the insight to plan for and prevent these attacks. That’s almost like a countdown to disaster, because a cyberattack is inevitable. With hackers one step ahead, every business must look closely not only at current security technologies but also at the associated strategies. With that in mind, let’s take a closer look at the three things any CIO must consider when shoring up current security while preparing for the future. The countdown is on.
Step 3: Locking Down Your Assets
The ultimate goal is to identify, prioritize and lock down your assets. This gets even more complex as the data universe is exploding. According to IDC, the digital universe is expected to hit 44 zettabytes by 2020. It’s business e-mail, CRM, financials, sales forecasts – critical data helping companies run smoothly and plan for future growth. That’s why a comprehensive analysis of your digital universe is so critical. Before employing technology or launching a security strategy, you need to understand what information is at risk. To get there, embark on a global data assessment project, whereby you identify all of your core information, applications and devices, and categorize them based on which of the items at risk are most critical to your business success. Realize that not all assets need to be treated equally. For the items that make up the crown jewels of the company, ensure they are protected with multi-layered security. Other items may need a different approach.
Based on your initial assessments, it is time now to begin to compartmentalize your assets, ranking them by value and impact if compromised. Get your teams to help you develop a comprehensive map of the infrastructure – including any unauthorized shadow IT operations. A good IT mapping tool can do this through auto-discovery.
Step 2: Out With The Old
At one time, a firewall or perimeter fence was enough to keep malicious content in check. As threats get more sophisticated, it’s essential to manage security with technology that goes beyond the perimeter or firewall. Tools that go deeper to conduct regular Vulnerability Scanning or Continuous Diagnostics and Mitigation (CDM) will keep an eye on potential threats, alert you to possible attacks, and manage high-priority vulnerabilities to ensure they don’t recur. Security management tools are highly effective in ingesting multiple data sources and employing advanced correlation and analytics – pinpointing activity or intrusions traditional firewalls cannot find. Built on this is a process of effective Network Segmentation – or splitting larger networks into smaller segments that can be more highly protected. If the investment in these tools proves too costly, consider a managed service provider who can help.
Step 1: Education and Leadership
Every business is different and there is no one-size-fits-all approach, which is why security strategies and policies must align with the business. Yes, companies must get smart about key assets and how to keep them safe. But just as critical is both gaining senior management support for your security initiatives and deploying a comprehensive communications plan to roll out policies and procedures to employees. Security is a top-down strategy, and must have the full support of executive leadership. Armed with this education and support, the company can then assign specific responsibilities to individuals. Security is a team approach and individuals must be held accountable for deliverables. This also means employees should be held to the highest standards for IT use and conduct. With the infrastructure in place, adapting the policies and strategies to align with future growth becomes a simple process.
The bottom line is that data is the engine that drives businesses, and companies succeed or fail based on the safety of that information. Given these sensitivities, comprehensive IT security is not a luxury, but a necessary part of business and must be treated as a priority.
The countdown is on and the stakes have never been higher. Security is a top priority, and companies must get educated, start assessing IT environments, and employ policies and tools tailored to the business. Based on the frequency and severity of cyberattacks today, companies simply cannot afford to approach data protection half-heartedly. The clock is ticking… are you ready?