- Opinion PiecePosted 2 years ago
- The Launch Of The Vision 2030 Publication Is Just Around The CornerPosted 2 years ago
- Are You, As A Leader, Looking After Your People?Posted 2 years ago
- Case studies from top companies: the future of empowerment in SAPosted 2 years ago
- A Sharper EQ Equals Greater SuccessPosted 2 years ago
- Almost half of us want to change careerPosted 2 years ago
Five questions you need to ask your data security team
Cyber threats are scarier than ever before, says former GCHQ data boss Andrew France. Now is the time for businesses to quiz those in charge of warding off cyber threats.
The ousting of Target’s CEO and the fact Morrisons’ CEO had to give up his bonus following recent massive data breaches show just how quickly a company’s reputation — and that of its senior leadership — can be overwhelmed by an attack on its network. With hacking becoming increasingly sophisticated and frequent, we can expect more scrutiny from regulators, shareholders, analysts, and the public on what management teams are doing to protect their most valuable information.
As data security moves up the boardroom agenda, Andrew France, Chief Executive of cyber defence firm Darktrace, explains the top five questions business leaders need to consider to stay prepared.
1. How do you identify your biggest risks?
Risk assessment is a part of day-to-day business today — but how is this done, and how has your risk management strategy changed in response to today’s more advanced tech savvy hackers? A strong governance structure is important to supporting and enforcing this strategy.
2. What are the top three threats to the organisation right now — and what are you doing to curb them?
It’s great to have analytics tools that tell you about data breaches. But, when these are producing hundreds of alerts every week, it’s not possible to address them all in a meaningful way. Prioritise to ensure you focus on the most deceptive threats, rather than getting caught up dealing with swathes of minor breaches and false positives. If your team cannot tell you what the top three threats are at any one time, there is a problem.
3. What is your insider threat strategy?
Every employee carries risk, whether they have malicious intent or not. Insider threats can come from a competent user who deliberately misuses their access privileges or one who inadvertently fell victim to a phishing attack. Remember; it’s not just employees that are insiders, but people all along the business supply chain. How effective, really, is your home and mobile working policy? Have you got a clear approach for managing this internal risk?
4. Is the corporate network secure?
Trick question: If the answer you get from your IT department is “yes”, you have a problem. Today’s networks are far too complex, porous and, interconnected to be able to secure them entirely. While strengthening the network as much as possible is important, companies need to start working on the basis that they will be hacked. They need to adopt strategies that allow them to quickly identify and counter ongoing risk.
5. Do you have the right kind of cyber defence technology within the network?
Networks are far too porous to rely on security around the outside — 93 percent of large UK corporations have been infiltrated. Advanced threats are capable of getting round even the strongest security protocols, changing their methodologies during the attack mission to reach their goal. But all is not lost: Next-generation technologies can use machine learning and the most cutting-edge mathematics to adapt to evolving threats in real time. When combined with operational and intelligence expertise, this dramatically improves a company’s ability to act on emerging threats in an efficient and pragmatic way.