With the mega breaches of 2014 and the recent Sony breach, organizations have received a huge wake-up call to take risk management seriously. One development that has ensued is greater involvement by the board of directors in security matters. This is a step in the right direction, but not the only step. At least three additional steps come to mind if businesses are serious about securing their data and environment.

IT Budget

The CIO’s role has finally made its way to the executive room. There’s a lot more pressure on CIOs to assess and report on the organization’s ability to respond to data threats. However, for the CIO to do the job well, executives need to provide the resources necessary to stay on top of security threats. Unfortunately, according to a recent ITworld Research survey, although security is the biggest priority for enterprises, most of the IT budget is spent on enterprise apps. This won’t work if businesses are serious about their risk management. The CIO is spread thin as it is, and with insufficient funds there is no way executives can expect stellar results.

False Malware Costs

Another area of enterprise risk management that requires additional work is the cost of false malware alerts. Research from the Ponemon Institute posits that false malware alerts can cost organizations an average of $1.27 million. The solution is to move towards more accurate detection methods and faster response times. Typically, the problem isn’t a lack of detection technology, but a shortage of security professionals on the premises. With the right support, a CIO can catch false positives and reduce those costs for the enterprise.

IoT and Security

The last, but not least, of the additional steps toward better data security concerns IoT. According to a study conducted by Atomik Research on behalf of Tripwire, only a minority of executives believe that the risks associated with IoT have the potential to become the most significant threats on their networks. Underestimating the threat that wireless devices and gadgets pose to business data is a serious issue. The number of IoT devices increases exponentially every day, and although there’s a push to get manufacturers to build devices with security in mind, this is still not the case. Devices are filled with vulnerabilities, and leadership making assumptions about what is or isn’t dangerous doesn’t help reduce those risks.

As the digital world expands, so do data risks, and it seems the board of directors is finally on board with this realization. Discussing security and including it on the agenda is step one. Now it’s time to take action and allocate the necessary resources to build an effective risk management plan.

What steps are you taking to improve your organization’s security posture?
