AT&T: The CIO security checklist

In the age of big data, bring-your-own-devices and internet-connected supply chains, cybercrime is big business; and cyber security has never been higher on the C-suite agenda. Here are three steps CIOs can take in this environment.

In the age of big data, bring-your-own-devices and internet-connected supply chains, cybercrime is big business.

As a result, cyber security has never been higher on the C-suite agenda.

Top executives from all disciplines now appreciate that hackers have many ways to access stored corporate data.

Financial and banking information, customer records, research, marketing plans and confidential emails are all worth stealing – with apps, devices, routers, websites and even the firewall-protected network offering backdoors to clever criminals.

The hackers, too, have evolved. Once the preserve of the high-schooler or prankster out for bragging rights, hacking is now a lucrative pillar of many a crime empire.

Ruthless, global and with access to sophisticated technology and services, organised crime is responsible for developing malware and coordinating attacks that are very difficult to detect and avoid.

Insidious Advanced Persistent Threat (APT) attacks, which put an intruder within your network to syphon off data over an extended period of time, are becoming more common, sometimes using a more traditional Distributed Denial of Service (DDoS) attack as a cover for the intrusion.

Top three action items:

To address these challenges, here are three action items executives in Asia-Pacific can consider when assessing their security provisions:

Understand your security profile

To what risk level is your organisation exposed? What technologies, policies, procedures and controls protect you from threats?

How effective is this technical and non-technical security infrastructure? Do you regularly review firewalls and logs, searching for evidence of a breach?

With a clear picture of your business risks and resources, you’ll be better able to identify and prioritise next steps.

Your approach to security must evolve as threats, technologies, supply chains and regulations change. In the past, security protocols were primarily risk-based; then they became rules-based.

Today, they are becoming increasingly anomaly-based, using business intelligence technologies to detect unusual system activity.

Periodic reassessment of your security profile, including regular security assessments and threat analysis, will help you determine how your current systems need to be improved.

A security assessment may highlight a gap in your defences or discover an undetected breach.

Given the pace at which the security landscape is changing, it will certainly uncover some room for improvement.

Integrate security into decision making

What are the security implications of your business development projects and growth strategies? What is the monetary value of security? Is proactive risk management stifled by a focus on compliance?

Providing the CIO with a seat at the strategy development table will help your business identify security threats and data-driven business opportunities.

It should ensure that proper security is in place before new policies (such as BYOD) are deployed, and it may help you drive cultural change to prevent security breaches and prioritise planning to mitigate the impact of cyber-attacks.

Select the right security technologies, policies, tools and partners

What do you need to keep pace with escalating security risks? Can you consolidate your basic security solutions and invest more wisely?

How are you supporting employees and third-party partners to protect your business data and intellectual property?

Selecting and updating the right security technology portfolio for your organisation is daunting. A certified security provider can act as a trusted advisor.

It will guard all elements of your infrastructure and protect your network and reputation while ensuring regulatory compliance and business continuity.

A world-class partner will operate on a global scale and have the resources to keep on top of new threats and abreast of new technologies. It will also provide a continuous high level of service during transitional periods, such as when a new CIO or CEO is hired.

Vanessa Lew is a senior security advisor at AT&T.
