Who should own cybersecurity in your organization?

Author: Lee Kearns

The path to managing cybersecurity risk in any organization is a long one. And it is ongoing.

The truth is that no organization is ever finished with security: controls that were adequate last year may not hold against this year's threats.

Threats to your cybersecurity can come from any level of your organization. For this reason, the role of cybersecurity risk management does not belong to your IT team alone. 

Understanding the entire spectrum of cybersecurity risk

A narrow definition of cybersecurity risk is the exposure (and the consequences that follow) arising from a cyber attack on your organization, such as a data breach.

A more comprehensive definition, and one that better reflects the real harm of an attack, is the potential loss arising from the compromise, disruption or destruction of your systems, data, infrastructure and reputation.

For years, organizations have grown more exposed to cyber attacks as the number of computers, mobile devices, networks and applications they depend on has increased. The pandemic, with its rapid shift to remote work, only accelerated this trend.

Cyber criminals are currently enjoying a golden age. Global connectivity, the move of data storage to the cloud and sub-par security configurations together mean that external attacks are on the rise.

One piece of research has claimed that mid-sized organizations receive alerts for more than 200,000 security events every day. An alert stream at that scale cannot be reviewed by hand.

Events that an IT team could once handle alongside its day job now exceed what a generalist team can triage. You need a cross-discipline team of cybersecurity professionals whose sole focus is your organization's security.

The role of the CISO

Organizations that are serious about embedding best-in-class cybersecurity practice are appointing a CISO (Chief Information Security Officer).

This individual is responsible for defining and implementing an organization-wide vision, strategy and program that prioritizes the security of all data assets. Their seat at the top table also ensures that the leadership team is part of their planning process.

CISO cyber defense strategies

The aim of the CISO is to be as proactive as possible in dealing with cyber threats. Preventing an incident in the first place is almost always cheaper and smarter than cleaning up afterwards.

To ensure cybersecurity, a CISO will:

  • Consistently evaluate security policies and procedures
  • Administer ongoing security training and testing (such as phishing simulations) for staff
  • Implement vulnerability management across internal systems and external suppliers
  • Recruit cybersecurity professionals, both in-house and in supplier roles
  • Ensure cloud services follow best-practice configurations
  • Ensure data is encrypted where needed, at rest and in transit
  • Deploy detection and monitoring systems
  • Implement secure, segmented networks that protect business activities
  • Comply with data protection laws and regulations
  • Manage access to data on a least-privilege basis
  • Maintain secure, consistent device configurations
  • Keep software up to date
  • Patch vulnerabilities on a regular, prioritized cadence

Furthermore, it is no longer sufficient to leave cybersecurity to the IT department and its security tooling alone. In today's climate it is essential to bring threat intelligence and dedicated cybersecurity professionals into your organization's decision-making processes.

Hackers and cyber criminals are becoming increasingly sophisticated.

But so are the good guys.

Cybersecurity professionals have a powerful risk mitigation toolkit at their disposal to keep your business and customers as secure as possible.

***********************************************************************************************

David Steele is the MD of SecuriCentrix and a Cyber Security Analyst. Founded in 2010, SecuriCentrix has grown to become a global Security and Compliance service provider to organizations.
