3 Suggestions to Consider When Building Your Cyber Strategy

1. Be prepared to make the proper investment. Unfortunately, companies often rush to buy the latest security fad, like malware detection or web application security, and then suffer buyer’s remorse within a year because it doesn’t properly provide visibility over the entire threat life cycle. Malware detection or web application security may keep hackers away from one locked door, but be assured they will keep trying other doors until they find one they can open.

Of the breaches we’ve investigated over the past two years, 30% have involved documented web vulnerabilities with published, but unimplemented, patches. With the cost of breaches often running in the tens of millions or more, it is not smart risk management to bet the farm on the latest tools like these over comprehensive security hygiene that consider all areas of entry to your network.

“A strong security strategy includes prevention, detection, containment and remediation.”

2. Change your mindset to prepare for the inevitable. While prevention is a large part of the equation, CEOs must admit that their security posture is not impenetrable if a determined hacker persists long enough. A strong security strategy that includes prevention, detection, containment and remediation means the difference between a single infiltration and a widespread breach affecting customer records, employee personal identifying information, stolen intellectual property and/or millions of dollars in reputational damage.

2. Regularly put your strategy to the test. CEOs should consider this a rule of thumb: for every dollar invested in new security technology, an additional 25 cents is required to properly implement the tools and train the staff to use them. In many cases, the financial and reputational damage caused by breaches are magnified due to the improper implementation of solutions, or the staffs were not fully trained to use the systems. Teams must be properly trained and tested, and readiness should be evaluated before a real threat comes knocking.

Ultimately, CEOs need to take action and ensure the proper people, technologies and strategies are in place to protect themselves and their organizations. If not, they have more than tomorrow’s headlines to worry about.