Does Security Have a Seat at your Table?

All too often in IT strategic discussions, security has a seat at the kids’ table. Its presence is noted but not prominent. This is partly due to awareness/education (or lack thereof), partly due to dynamic threats, and partly due to the availability of products and services that address the entire enterprise and not just what’s in the data center. In the enterprise, security needs a seat at all IT related tables from software development, to the desktop, to the data center, through the network and beyond. Hackers make a career out of finding new ways to penetrate systems, disrupt business and steal information.

I’m not going to lie, ever since news broke about the major security breach at a major US retailer last December, I get a bit anxious every time I swipe a credit card. Security is costly. Implementing threat prevention tactics like card chips (like in Europe) can cost millions of dollars. All cards and POS (point of sale) credit card readers would need to be replaced. Let’s hope we move in this direction soon. In the meantime, awareness, education and threat prevention software across the business can mitigate risks.

According to Cristian Florian (TalkTech, 2014) third-party applications continue to be the main source of vulnerabilities, however during the past year there has been a major increase in vulnerabilities reported for operating systems and hardware devices.

As listed on the top 12 IT risks today are the following:

Social Networks, search engine poisoning, Adobe application software, web applications, phishing, botnets, advanced persistent threats, DNS server hijacking, mobile devices, cloud security, cyberwarfare, negligence, and hactivism (the use of computers and computer networks as a means of protest to promote political ends).

The good news is that new research shows that now more than ever security is getting a “seat at the table”. As you may have noticed in your own organizations, security is no longer a siloed function of IT, but instead a key component of the business. CEOs are now being held accountable for failure to address risks. Companies must be prepared to protect themselves against everything from malicious attacks, such as data theft and hacking, to more “accidentally” threats, such as an employee losing an unencrypted laptop or mobile device.