“What is your number one recommendation for CSOs when it comes to tackling cyber crime?”

That was the question I was asked by the team here as we prepared the Cyber Crime section on our Secure Thinking portal.

My instincts told me that the whole subject was too complex to be able to offer a single answer.

It’s one of the most topical security subjects of the moment because of some high-profile incidents. But cyber crime isn’t new.

For CSOs, protecting the organisation from cyber crime has always been an ongoing battle – a bit like cat and mouse.

While banks and shops used to be robbed by people in balaclavas armed with guns, now those criminals are armed with technology.

In the past, the banks and shops got smart – installing glass screens, CCTV and panic buttons – so the criminals got smarter. Now they are just as likely to target businesses with phishing to electronically steal money. They are happy to bide their time too, planting malware that can lie dormant for months before it springs an attack.

The challenge itself isn’t new. It has evolved and so too must the response. For that reason, it seemed like there was no easy answer to the question.

But looking at it holistically, there is one recommendation I would make to CSOs: invest.

Not necessarily in technology. Not necessarily in smarter people. (Although these are ultimately important.)

My one recommendation is that CSOs invest in time.

By taking the time to understand the cyber risks you face, you get a clearer view of what needs protecting and what does not. Then, once you know what needs protecting, you need to take the time to find out where it lies within your systems.

If you don’t know what the risks are, there is little point investing in anything else – good technology, more robust processes or smarter people.

Spend time understanding your cyber risks – whether they relate to your people, your processes or your technology – and it could be the best investment you ever make.

