Have you set cyber security priorities?

  • Consumers expect organizations to provide improved levels of protection for their data.

  • As healthcare becomes more digitized, cyber security will become a top industry priority.

  • Organizations are shifting from “compliance-driven” to “risk-aware.”

In my last post, Ready for what’s next in cyber security, I discussed how increased security breaches have consumers looking to organizations for new levels of protection for their data. With growing awareness and expectations, funding for security solutions is increasing, according to Forrester’s January report by Ed Ferrara, “Understand Cybersecurity and Risk Budgets For 2015.”

But organizations need to be smart about where to focus cyber security priorities and spending. Priorities and focus can vary slightly by industry. As healthcare becomes increasingly digitized (and more devices become network-attached, attachable, or aware), cyber security will become a top industry priority. Retailers will continue to work towards information protection as part of the omni-channel experience for the consumer.


Across all industries, information protection and risk management will become increasingly important. Below are priorities across industries and organizations:

Strategic planning: Align your cyber security program with business priorities. Create your strategy and roadmap based upon risks to the business and risk appetite, and define clear metrics for success.

Data governance: Know what data you have, where it is, and with whom it is shared. While it seems fundamental, data governance is still a struggle. And you can’t protect the crown jewels if you don’t know where they are.

Information risk management: Organizations are making the shift from being “compliance-driven” to becoming more “risk-aware.” Improved risk metrics and building in quantitative measurement will help in analyzing risk in terms of cost and impact to the company.

Awareness and training: People are still the weakest security link. Ongoing awareness and education are invaluable, and new and innovative ways to communicate security messages have significant impact. Because cyber security experts are in high demand and short supply, retain your security staff through training and ongoing professional development. Invest in your best.

Optimize monitoring capabilities and security operations center: Review the processes and technologies that monitor your information environment, and evaluate how they can be optimized. Can the tools and technologies be integrated to provide the most value and the most usable information? How are you gathering intelligence? Do you have the network analysis and visibility capabilities needed? Are there operational aspects that would be best served by outsourcing?

Incident response, planning, and management: Data vulnerabilities are inevitable. Being prepared to respond, and reacting efficiently, will reduce the impact and cost of a breach. Test your response with exercises, both tabletop and simulated.

Third-party risk management: With the continuing proliferation of outsourcing and cloud vendors, managing the risks associated with providing company information to suppliers and partners should remain a priority.


Carisa Brockman, Security Consulting Services Practice Director, AT&T