Lack of visibility of data assets continues to be a problem within the enterprise. A recent survey by the IRM reveals that two thirds of businesses still don’t know the value of critical data assets being targeted by cybercriminals. Furthermore, only 28% of CISOs regularly conduct exercises to categorize and value the data within their IT estate (so that they can evaluate the risk associated with its loss). Without knowing where data assets are and what their value is, a business can’t take the proper measures for an effective business continuity plan or risk management posture.
Knowing that security leaders aren’t clear on these points makes it understandable why businesses continue to lack in defending their network and business environment from intrusion. The idea that data is key to an organization staying in business and growing, isn’t something that has entered the perspective of business leaders. Data is still being underestimated in its value within the business process, it’s seen as this added bonus for insights on customers and for improvements in business operations. What’s lacking in this equation is the fact that if your data is taken away, your operations stop and your customers lose trust.
Until it becomes clear how valuable data is to staying in business, risk strategy investment by organizations also continues to fall behind. Business leaders continue to invest their security budgets in system patches, antivirus applications, and business continuity plan templates that won’t do the job. Each enterprise has a different set of circumstances such as data assets stored in different places, a private or public network that differs in their use, and employee BYOD usage that changes depending on the employees.
These small, yet significant differences, in each enterprise operational environment, render an audit necessary to actually look at customizing the company’s business continuity plan and risk management process to defend their unique needs. The awareness that data assets are fundamental to continued operations and not some option that can come and go without significant consequences needs to increase within the boardroom and among business executives.
Luckily attitude in the boardroom is slowly shifting with 66% of CISOs saying they now rarely have trouble engaging with the board on cyber agenda and 57% of businesses making it a top priority for the next 12 months to identify risks and vulnerabilities. So, at least when it comes to talking about cybersecurity and looking into risks the doors are opening. Now for the next big leap forward, realizing that it’s not only about setting up a defense system around your enterprise data, but it is also taking an in-depth approach and analyzing that data to build a proactive security approach for the specific needs revealed by the analysis.
In order for business continuity to take place and for information security to always be on top, testing and reevaluating are key. Risk management isn’t a one stop shop, it’s multilayered and requires continuous reconsideration as changes take place within the digital world, and automatically within the enterprise’s operational environment.
Do you have a clear picture of your data assets? Their worth, where they are on your network, if the security steps you’ve taken so far will suffice to do the job? Schedule your free consultation and let’s find out!
Photo Courtesy of Tashatuvango