|By David Canellos||
|February 7, 2014 08:45 AM EST||
A newly released report from McKinsey & Company, Risk and Responsibility in a Hyperconnected World: Implications for Enterprises, highlights the findings of a year's worth of McKinsey research conducted in partnership with the World Economic Forum. Based on the interviews with over 200 enterprises and organizations the findings highlight the importance of protecting online proprietary data and information and puts forth 7 ideas for how to protect the enterprise.
The report first observes that with the rise of new and novel ways to access information via mobile devices, data security risks have dramatically increased. Despite the billions of dollars spent to secure data, cybercriminals have proven themselves to be a highly adaptable, sophisticated, well-funded crew, equipped to take advantage of any weaknesses in an enterprise's security technology. Recent examples of large breaches at Target and Adobe could potentially really just be the tip of the iceberg.
As I mentioned, the research sets forth seven practices for executives tasked with battling cybercriminals; here is the list with a few observations on each:
1. Prioritize information assets based on business risks.
At PerspecSys, we've long championed this idea as an important part of any cloud security strategy. It enables a smooth, risk-based strategy for protecting the corporation and helps prioritize IT activities on the most impactful security technologies/processes. It is amazing how quickly things can happen when risks are well understood (see #6 below). Which leads directly to the next tenet...
2. Provide differentiated protection based on importance of assets.
This is especially relevant when choosing where and how enterprises select their cloud computing environment (public, private or hybrid cloud) and what obfuscation technologies to deploy (tokenization, encryption, location and ownership of keys, etc.).
3. Deeply integrate security into the technology environment to drive scalability.
This strategy helps better protect assets while staying a step ahead of both cybercriminals and competition. And as I stated in my predictions of what we'll see this year, the solutions that pull ahead in the marketplace will provide strong security, leverage existing data center investments and scale without disrupting usability of the cloud.
4. Deploy active defenses to uncover attacks proactively.
No organization can afford to wait for evidence of attacks. Technologies and processes should be in place to preemptively search out and stop any vulnerability. For example, an enterprise can proactively keep its most sensitive assets out of the cloud without adversely impacting their end user's cloud experience, by using a product such as ours.
5. Test continuously to improve incident response.
Testing is a key part of cybersecurity and we've seen with recent attacks that response matters - led by the IT department, but including all major departments. Solutions like those from Co3 Systems can help an organization be prepared if and when the time comes.
6. Enlist frontline personnel to help them understand the value of information assets.
The end users often feel the impact of cybersecurity choices the most and need to be up to speed on what is at stake with certain data assets - especially important with the rise of mobility and BYOD in the workplace.
7. Integrate cyber-resistance into enterprise-wide risk-management and governance processes.
Cybersecurity is clearly not just an IT department issue, but a decision and process that should involve multiple teams within the enterprise.
There was some disagreement in the survey about the issue of cybersecurity regulations and there was also some division by industry (which makes sense given the disparity in regulations already in place by industry sector). We believe regulation will continue to grow and be increasingly complex, making full awareness and compliance with any and all applicable industry regulations a must by security solution providers - whether PCI DSS, HIPAA or others.
Finally, we agree that this is a C-Suite and boardroom issue - the viability of institutions depend on proactively removing enterprise risk and threat.
I strongly recommend you download and read the full report. I look forward to future updates from McKinsey and the World Economic Forum.
PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit www.perspecsys.com or follow on Twitter @perspecsys
Dec. 22, 2014 11:00 AM EST Reads: 1,493
Dec. 22, 2014 11:00 AM EST Reads: 2,387
Dec. 21, 2014 02:00 PM EST Reads: 2,469
Dec. 21, 2014 01:00 PM EST Reads: 2,064
Dec. 21, 2014 11:30 AM EST Reads: 2,471
Dec. 21, 2014 10:00 AM EST Reads: 2,225
Dec. 21, 2014 06:15 AM EST Reads: 2,196
Dec. 20, 2014 08:00 AM EST Reads: 1,482
Dec. 18, 2014 09:45 PM EST Reads: 1,328
Dec. 18, 2014 09:00 AM EST Reads: 1,439
Dec. 18, 2014 06:00 AM EST Reads: 997
Dec. 17, 2014 11:15 PM EST Reads: 1,478
Dec. 17, 2014 11:00 PM EST Reads: 1,532
Dec. 17, 2014 08:00 PM EST Reads: 1,493
Dec. 17, 2014 06:30 PM EST Reads: 1,464
Dec. 17, 2014 11:45 AM EST Reads: 1,599
Dec. 16, 2014 11:45 PM EST Reads: 1,458
Dec. 15, 2014 11:45 PM EST Reads: 1,808
Dec. 15, 2014 10:30 AM EST Reads: 6,959
Dec. 15, 2014 10:00 AM EST Reads: 2,012