The corporate IT infrastructure is more vulnerable than ever because of the many gateways that make it susceptible to a breach. Cloud computing, bring your own device (BYOD) policies and vendors are just some of the ways in which the corporate network can be accessed. One example of this phenomenon is the data breaches of large multinational organizations, which are taking place with increased frequency and highlight the vulnerability everyone faces no matter how robust the security platform. So, if there is a strong security platform, why are so many organizations experiencing security issues?
The answer has been addressed in an article by Ken Hess on ZDNet titled, "Bad behavior, not malware, puts more of your corporate data at risk." He begins the piece by stating "Although viruses and other malware apps still plague businesses, it is the poor habits of a company's employees that cause the most problems for corporate security staff."
While it is easy enough to blame employees for data breaches, the organization must implement strong IT security governance as a non-negotiable requirement for anyone who has access to the company's network. This policy must be put in place with clear consequences if any of the rules governing the security protocols are violated. Managing security effectively is the responsibility of senior leadership, which must make a fundamental commitment to data security and treat this aspect of the business as a core operational function.
This requires the establishment of leaders at a governance level tasked specifically with addressing issues of security. These leaders must have the authority and resources to act and to enforce compliance with the policy that has been put in place.
The first step in accomplishing this is elevating security to a governance level, under leaders who are security-conscious and positioned to protect all the digital assets of the organization. This includes everything within the organization and outside it, such as vendors.
With this in mind, it is critical to address the organization's security requirements with a service provider that is able to assess what the needs are and define an effective enterprise security program. That program should have the characteristics of effective security governance and include enterprise security governance activities, so that security remains a critical component of the organization's overall operations.
Security experts always emphasize the need to remain vigilant and not let complacency creep in regarding the protocols that have been established. It is this complacency that criminals or other interested parties look for in order to exploit an organization.
Edited by Rory J. Thompson