The last few years have seen some of the biggest data breaches to date. Even with companies losing millions to lawsuits and fines, a recent Fortinet Global Enterprise Security survey shows that most IT decision makers don’t think data protection and cyber security should be a priority. This disregard for cyber security is one of the primary reasons most organizations are susceptible to numerous attacks both externally and internally.
IT Is Not Priority for Board Members
The survey polled 100 IT decision makers in India. While they did not think cyber security was a priority for board members, 87% said that management should make it a top concern and board members should have more scrutiny dealing with security interests.
The results are interesting for security experts who have rallied to educate organizations and their executives on the importance of cyber security in the wake of some of the biggest breaches in history.
Security experts urge board members to focus on several factors for 2018. Here are the major issues that should be reviewed.
- Global attacks. Malware such as Petya, WannaCry and Bad Rabbit crippled entire countries. These attacks were able to threaten governments, which makes them a concern across the world.
- Cloud security. IoT and cloud management is a boon for small and large organizations, but it opens new risks. Every organization should review cloud infrastructure and how it integrates securely into the current environment.
- BYOD. Bring your own device policies are great for employee flexibility, but it introduces new attack vectors. Insider threats are greatly increased with BYOD policies, and they must be properly monitored and sandboxed from any highly confidential sections of the network.
- Regulatory compliance. Most organizations have at least one regulatory body they must follow. HIPAA, SOX, ISO, PCI DSS are just a few of the regulatory guidelines set for organizations that hold sensitive PII such as medical or financial records. These rules must be reviewed to ensure that the organization follows them or face fines.
The trend in cyber security and associated attacks is only getting worse. The more organizational board members disregard cyber security as a low priority, the higher risk they introduce. Monitoring the network for outside and insider risks is one of the best ways to defend against these attacks. A proactive approach to understanding risk goes a long way against potential threats and compliance.