SlideShare a Scribd company logo

5 Questions Executives Should Be Asking Their Security Teams

Arun Chinnaraju MBA, PMP, CSM, CSPO, SA
Arun Chinnaraju MBA, PMP, CSM, CSPO, SA

1. How often do you see non-sanctioned cloud services in use? 2. Are we protecting ourselves against insider threats? 3. Do we have a cyber security task force in place? 4. Is our BYOD policy secure? 5. Do you feel limited by your security budget or staff size?

Technology
1 of 16
Download to read offline
15 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
25 Questions Executives Should Be Asking Their Security Teams Data breaches are more than a security problem. A significant attack can shake your customer base, partner relations, executive staff, profits, and revenue. Historic data breaches have cost executives their jobs, resulted in major revenue losses and damaged brand reputations. In a 2014 study of 700 consumers about brand reputation by Experian and the Ponemon Institute, data breaches were reported as the most damaging occurrence to brand reputation, exceeding environmental disasters and poor customer service.1 In a world where data breaches have become commonplace, what steps can be taken to minimize damage? There were 781 reported breaches in 2015, on par with 2014’s 783 reported breaches.2 Photo/graphic 1 Experian: Aftermath of a Mega Data Breach 2 ID Theft Center’s 2015 Data Breach Report 000 01 00 00
35 Questions Executives Should Be Asking Their Security Teams The average consolidated total cost of a data breach in 2015 was $3.8 million—a 23% increase since 2013. IBM 2015 Cost of Data Breach Study
45 Questions Executives Should Be Asking Their Security TeamsIntroduction Photo Security breaches affect your entire organization, and that means leadership must join forces with CSOs in the fight for enterprise security. Although Chief Security Officers, Chief Information Security Officers, and security analysts are on the front lines fighting hackers, they should not be considered the last and only line of defense. CFOs, typically responsible for managing a corporation’s financial risks, should be inquiring on the enterprise risk of cybersecurity. And while other executive roles don’t have security measures in their purview, they can take action to help improve their organizations’ overall security. • CTOs may counsel CSOs and CISOs on security software implemented at their organizations but should also focus on the security features of every piece of technology implemented. • CMOs and marketing executives responsible for their companies’ public reputations must be wary of the reputation risks that can result from a breach, developing a publicity plan in the face of an attack in order to protect sales revenue down the line. • HR and talent management should be aware of what an internal information data breach could do to employee trust, focusing on protection of the confidential information they manage. • CEOs and board members must recognize the implications faulty cybersecurity can have on their companies’ valuation and prioritize security in their company’s roadmap. When it comes to protecting the organizational assets that matter most, what questions should all leadership ask of their security teams?
55 Questions Executives Should Be Asking Their Security Teams Dropbox. Google Drive. MediaFire. Egnyte. Your organization might not support them, but chances are your security team has seen one or more of these private clouds in use within an organization. “Rogue clouds” (private file sync-and-share options not supported or secured by an enterprise’s IT infrastructure) are creeping into organizations. A 2013 survey by Symantec found that 77% of all businesses experienced rogue cloud situations.³ To eliminate rogue clouds, security teams should talk with their CTOs about which organizationally sanctioned cloud service is recommended. From there, other members of leadership can weigh in on which solution will be most useful to their employees and business partners. Talk with security teams about implementing organizationally supported cloud solutions. Enterprise-level solutions, like Microsoft OneDrive for Business, enable employees to save, share, and collaborate on documents without compromising data security. How often do you see non-sanctioned cloud services in use? QUESTION 1 3 Symantec study: Avoiding the Hidden Costs of the Cloud 40% of organizations that experienced rogue cloud situations saw confidential data exposed.3 40%
65 Questions Executives Should Be Asking Their Security Teams The fact that Office 365 is backed by Microsoft is huge. I’ll never have to change providers again because I trust Microsoft to look after our email and other services for us.” “ Paraic Nolan Finance Director Big Red Book
75 Questions Executives Should Be Asking Their Security Teams Are we protecting ourselves against insider threats? 4 Fred Donovan, FierceITSecurity: Is the person sitting next to you a malicious insider? 5 George Silowash, Software Engineering Institute: Common Sense Guide to Mitigating Insider Threats: 4th Edition QUESTION 2 Insider threats are commonly thought of as one of the most difficult threats to defend against. With the growing use of contractors, freelancers, and temporary employees throughout an enterprise, defending against potential internal threats seems next to impossible. In 2013, the FBI estimated malicious insider threat attacks cost approximately $412,000 per incident.⁴ Although there is no single solution for defending against insider threats, experts recommend a multi-pronged approach that involves action from several members of leadership. Talent acquisition should focus on strong background checks on all employees and contractors, and human relations can help catch red flags stemming from irregular employee behavior (such as missed work or bragging about potential damage they could do).⁵ CFOs and CTOs can discuss the possibility of implementing security behavioral monitoring tools to identify instances when any employees access files they have no relation to, files or information is saved to an external location, or employee logins happen at irregular times. Fortunately, if suspicion of internal threats does arise, solutions like Microsoft Data Loss Prevention (DLP) rolled into OneDrive for Business, SharePoint Online, Exchange, and Office 2016, will enable your IT administrators to protect against data loss without stretching their compliance budgets. Administrators will receive notifications if confidential information is being exchanged, and they have the opportunity to recall data and access from certain employees. Additionally, with DLP, administrators can review incident data and generate incident reports to see exactly where information may have been leaked.
85 Questions Executives Should Be Asking Their Security Teams You don’t just need to defend against viruses and malware—19% of security incidents involve malicious insiders. Fred Donovan, FierceITSecurity: Is the person sitting next to you a malicious insider?
95 Questions Executives Should Be Asking Their Security Teams Cybersecurity professionals are taught to think of when (not if) a breach will occur. Planning for a breach means creating a task force across an organization that designates who will be involved in disclosing the attack to customers (the CMO), who will be responsible for securing a network (the CISO, CSO, and CTO), and who will handle legal ramifications of the breached information (legal, customer, and HR departmental leads). Although creating a cybersecurity task force within an organization is considered a best practice, most organizations don’t have a task force in place at all. According to a Microsoft Information Do we have a cybersecurity task force in place? Security survey, 63% of financial executives of enterprise-level companies believe they are “just keeping up with security threats,” 28% believe they are ahead of these threats, and 9% feel they are lagging behind.6 Who should be involved? A large portion of the task force will include security analysts and the IT department. But don’t overlook the importance of legal, finance, investor, and public relations support. Anyone who would contribute to a breach cleanup should be included on a cybersecurity task force and be ready to take action. Photo 6 Microsoft Information Security Survey, September–October 2015 QUESTION 3
105 Questions Executives Should Be Asking Their Security Teams 84% of organizations have not implemented a cybersecurity task force. Financial Executives Research Foundation: The CFO’s Role in Cybersecurity
115 Questions Executives Should Be Asking Their Security Teams BYOD policies have exploded in the past five years, enabling employees to access company files on their own devices around the clock. According to a 2014 report by Check Point, however, more than half of IT executives reported that BYOD security incidents cost their organizations more than $250,000 in a two-year period.7 It is possible to continue to support BYOD policies without compromising security or breaking your budget. Ask security teams about current offerings’ single sign-on capabilities and self-service password management. Mobility management tools like Microsoft Enterprise Mobility Suite can keep employees connected to the apps they need, without compromising security. In a Microsoft Office 365 economic impact report by Forrester, 28% of enterprise users reported seeing an improvement in mobile data security, due to Enterprise Mobility Suite’s ability to remote-wipe data from lost devices.8 Is our BYOD policy secure? Additionally, Office 365 Mobile Device Management (MDM) can help secure your businesses devices from anywhere. Your IT team can manage mobile device policies, and perform a selective wipe of Office 365 data if an employee leaves your organization, saving your HR, IT, and security departments time and headaches. 7 Infosecurity Magazine: BYOD Security Incident Costs Exceed $250,000 8 Forrester report: The Total Economic Impact™ of Microsoft Office 365, October 2014 QUESTION 4
125 Questions Executives Should Be Asking Their Security Teams We needed to secure and manage the mobile devices and smartphones used outside the corporate network—as well as the data they contain. The Enterprise Mobility Suite delivers these capabilities in one, cost-effective package.” “ Kris Mampaey Director of IT Willemen Groep
135 Questions Executives Should Be Asking Their Security Teams Do you feel limited by your security budget or staff size? Enterprise security leads are tasked with hiring around-the-clock teams that must manage multiple security solutions and thousands of alerts each day. Are their budgets and hiring allowances within reason? When reviewing the durability of an enterprise’s security, leadership must make sure a generous budget is allocated toward rapid security development and evaluate whether any other budgets can shrink to meet these needs. Be it hiring management assistance, additional analysts brought on staff, or a boost in IT budget— find out what your security team needs, and make the changes necessary to ensure they can best do their jobs. QUESTION 5
145 Questions Executives Should Be Asking Their Security Teams Cybersecurity spending isn’t slowing down. Gartner reported that cybersecurity spending reached a record $75 billion in 2015 and anticipates it reaching $170 billion by 2020.9 9 Steve Morgan, Forbes :Cybersecurity Market Reaches $75 Billion In 2015; Expected to Reach $170 Billion by 2020
155 Questions Executives Should Be Asking Their Security Teams Have we managed our rogue cloud usage? What are we doing to protect against insider threats? Have we built our cybersecurity task force? Have we secured our BYOD policy? Does my security team have a sufficient budget? Fortunately, many of the tools your company already uses can supplement your security plan. Enterprise-supported file sync and share solutions like Microsoft SharePoint and OneDrive for Business can eliminate employees’ use of rogue clouds, while significantly improving the security behind files shared with partners and contractors. Assembling and communicating with a cybersecurity task force can be made easier with office communication tools like Skype for Business web conferencing and Exchange Online. Improve the security of your BYOD policy with mobile apps available for a variety of Office programs across Apple, Android, and Windows devices. Most importantly, all of these tools are available within your budget and likely familiar to your employees through Office 365. It’s time to talk with your security team.
165 Questions Executives Should Be Asking Their Security Teams Want more business tips? Dive inside the minds of business and technology innovators with Microsoft’s Modern Workplace webcast series: https://www.modernworkplace.com/ © 2016 Microsoft Corporation. All rights reserved.

Recommended

Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameTatainteractive1
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyCasey Fleming
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital FutureCognizant
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014- Mark - Fullbright
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITEnvision Technology Advisors
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & ProtectMike McMillan
 

Recommended

Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameTatainteractive1
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyCasey Fleming
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital FutureCognizant
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014- Mark - Fullbright
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITEnvision Technology Advisors
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & ProtectMike McMillan
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013- Mark - Fullbright
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small BusinessValiant Technology
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
Websense
WebsenseWebsense
WebsenseCMR WORLD TECH
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Bala Guntipalli ♦ MBA
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarFERMA
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekkoDMI
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbookJames Fintain Lawler
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are InvolvedSocial Media Performance Group
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voiceIBM India Smarter Computing
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
A data-centric program
A data-centric program A data-centric program
A data-centric program at MicroFocus Italy ❖✔
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 

More Related Content

What's hot

Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small BusinessValiant Technology
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Bala Guntipalli ♦ MBA
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarFERMA
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekkoDMI
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Isaac BOCCARA
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 

What's hot (19)

Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small Business
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for Cybersecurity
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise
 
Websense
WebsenseWebsense
Websense
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk Webinar
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbook
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are Involved
 
Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14Adallom_Cloud_Risk_Report-Nov14
Adallom_Cloud_Risk_Report-Nov14
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
 
Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voice
 

Similar to 5 Questions Executives Should Be Asking Their Security Teams

Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...
Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...
Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...Shawn Nutley
 
How to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptxHow to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptxSingle Point of Contact
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Protecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudProtecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudSymantec
 
Keep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetKeep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetBVU
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfHow Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfEnterprise Insider
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityRahul Tyagi
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Armor
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfgalagirishp
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfgokuforhelp
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Livingstone Advisory
 

Similar to 5 Questions Executives Should Be Asking Their Security Teams (20)

Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...
Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...
Cybersecurity Tips for Leaders in 2023’s Digital Landscape - Shawn Nutley _ P...
 
How to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptxHow to Mitigate the Cyber security Risk Posed.pptx
How to Mitigate the Cyber security Risk Posed.pptx
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
Protecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudProtecting Corporate Information in the Cloud
Protecting Corporate Information in the Cloud
 
Keep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetKeep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit Budget
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfHow Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe Security
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdf
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
 

More from Arun Chinnaraju MBA, PMP, CSM, CSPO, SA

Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...
Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...
Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...Arun Chinnaraju MBA, PMP, CSM, CSPO, SA
 

More from Arun Chinnaraju MBA, PMP, CSM, CSPO, SA (7)

10 principles of organizational DNA
10 principles of organizational DNA10 principles of organizational DNA
10 principles of organizational DNA
 
The Five Trademarks of Agile Organizations
The Five Trademarks of Agile Organizations The Five Trademarks of Agile Organizations
The Five Trademarks of Agile Organizations
 
Agile ADM
Agile ADMAgile ADM
Agile ADM
 
5 Steps to Scale Up Agile
5 Steps to Scale Up Agile5 Steps to Scale Up Agile
5 Steps to Scale Up Agile
 
Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...
Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...
Achieving Regulatory and Industry Standards Compliance with the Scaled Agile ...
 
Architecting A Platform For Big Data Analytics
Architecting A Platform For Big Data AnalyticsArchitecting A Platform For Big Data Analytics
Architecting A Platform For Big Data Analytics
 
Advances in SAFe DevOps
Advances in SAFe DevOpsAdvances in SAFe DevOps
Advances in SAFe DevOps
 

Recently uploaded

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

5 Questions Executives Should Be Asking Their Security Teams

  • 1. 15 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
  • 2. 25 Questions Executives Should Be Asking Their Security Teams Data breaches are more than a security problem. A significant attack can shake your customer base, partner relations, executive staff, profits, and revenue. Historic data breaches have cost executives their jobs, resulted in major revenue losses and damaged brand reputations. In a 2014 study of 700 consumers about brand reputation by Experian and the Ponemon Institute, data breaches were reported as the most damaging occurrence to brand reputation, exceeding environmental disasters and poor customer service.1 In a world where data breaches have become commonplace, what steps can be taken to minimize damage? There were 781 reported breaches in 2015, on par with 2014’s 783 reported breaches.2 Photo/graphic 1 Experian: Aftermath of a Mega Data Breach 2 ID Theft Center’s 2015 Data Breach Report 000 01 00 00
  • 3. 35 Questions Executives Should Be Asking Their Security Teams The average consolidated total cost of a data breach in 2015 was $3.8 million—a 23% increase since 2013. IBM 2015 Cost of Data Breach Study
  • 4. 45 Questions Executives Should Be Asking Their Security TeamsIntroduction Photo Security breaches affect your entire organization, and that means leadership must join forces with CSOs in the fight for enterprise security. Although Chief Security Officers, Chief Information Security Officers, and security analysts are on the front lines fighting hackers, they should not be considered the last and only line of defense. CFOs, typically responsible for managing a corporation’s financial risks, should be inquiring on the enterprise risk of cybersecurity. And while other executive roles don’t have security measures in their purview, they can take action to help improve their organizations’ overall security. • CTOs may counsel CSOs and CISOs on security software implemented at their organizations but should also focus on the security features of every piece of technology implemented. • CMOs and marketing executives responsible for their companies’ public reputations must be wary of the reputation risks that can result from a breach, developing a publicity plan in the face of an attack in order to protect sales revenue down the line. • HR and talent management should be aware of what an internal information data breach could do to employee trust, focusing on protection of the confidential information they manage. • CEOs and board members must recognize the implications faulty cybersecurity can have on their companies’ valuation and prioritize security in their company’s roadmap. When it comes to protecting the organizational assets that matter most, what questions should all leadership ask of their security teams?
  • 5. 55 Questions Executives Should Be Asking Their Security Teams Dropbox. Google Drive. MediaFire. Egnyte. Your organization might not support them, but chances are your security team has seen one or more of these private clouds in use within an organization. “Rogue clouds” (private file sync-and-share options not supported or secured by an enterprise’s IT infrastructure) are creeping into organizations. A 2013 survey by Symantec found that 77% of all businesses experienced rogue cloud situations.³ To eliminate rogue clouds, security teams should talk with their CTOs about which organizationally sanctioned cloud service is recommended. From there, other members of leadership can weigh in on which solution will be most useful to their employees and business partners. Talk with security teams about implementing organizationally supported cloud solutions. Enterprise-level solutions, like Microsoft OneDrive for Business, enable employees to save, share, and collaborate on documents without compromising data security. How often do you see non-sanctioned cloud services in use? QUESTION 1 3 Symantec study: Avoiding the Hidden Costs of the Cloud 40% of organizations that experienced rogue cloud situations saw confidential data exposed.3 40%
  • 6. 65 Questions Executives Should Be Asking Their Security Teams The fact that Office 365 is backed by Microsoft is huge. I’ll never have to change providers again because I trust Microsoft to look after our email and other services for us.” “ Paraic Nolan Finance Director Big Red Book
  • 7. 75 Questions Executives Should Be Asking Their Security Teams Are we protecting ourselves against insider threats? 4 Fred Donovan, FierceITSecurity: Is the person sitting next to you a malicious insider? 5 George Silowash, Software Engineering Institute: Common Sense Guide to Mitigating Insider Threats: 4th Edition QUESTION 2 Insider threats are commonly thought of as one of the most difficult threats to defend against. With the growing use of contractors, freelancers, and temporary employees throughout an enterprise, defending against potential internal threats seems next to impossible. In 2013, the FBI estimated malicious insider threat attacks cost approximately $412,000 per incident.⁴ Although there is no single solution for defending against insider threats, experts recommend a multi-pronged approach that involves action from several members of leadership. Talent acquisition should focus on strong background checks on all employees and contractors, and human relations can help catch red flags stemming from irregular employee behavior (such as missed work or bragging about potential damage they could do).⁵ CFOs and CTOs can discuss the possibility of implementing security behavioral monitoring tools to identify instances when any employees access files they have no relation to, files or information is saved to an external location, or employee logins happen at irregular times. Fortunately, if suspicion of internal threats does arise, solutions like Microsoft Data Loss Prevention (DLP) rolled into OneDrive for Business, SharePoint Online, Exchange, and Office 2016, will enable your IT administrators to protect against data loss without stretching their compliance budgets. Administrators will receive notifications if confidential information is being exchanged, and they have the opportunity to recall data and access from certain employees. Additionally, with DLP, administrators can review incident data and generate incident reports to see exactly where information may have been leaked.
  • 8. 85 Questions Executives Should Be Asking Their Security Teams You don’t just need to defend against viruses and malware—19% of security incidents involve malicious insiders. Fred Donovan, FierceITSecurity: Is the person sitting next to you a malicious insider?
  • 9. 95 Questions Executives Should Be Asking Their Security Teams Cybersecurity professionals are taught to think of when (not if) a breach will occur. Planning for a breach means creating a task force across an organization that designates who will be involved in disclosing the attack to customers (the CMO), who will be responsible for securing a network (the CISO, CSO, and CTO), and who will handle legal ramifications of the breached information (legal, customer, and HR departmental leads). Although creating a cybersecurity task force within an organization is considered a best practice, most organizations don’t have a task force in place at all. According to a Microsoft Information Do we have a cybersecurity task force in place? Security survey, 63% of financial executives of enterprise-level companies believe they are “just keeping up with security threats,” 28% believe they are ahead of these threats, and 9% feel they are lagging behind.6 Who should be involved? A large portion of the task force will include security analysts and the IT department. But don’t overlook the importance of legal, finance, investor, and public relations support. Anyone who would contribute to a breach cleanup should be included on a cybersecurity task force and be ready to take action. Photo 6 Microsoft Information Security Survey, September–October 2015 QUESTION 3
  • 10. 105 Questions Executives Should Be Asking Their Security Teams 84% of organizations have not implemented a cybersecurity task force. Financial Executives Research Foundation: The CFO’s Role in Cybersecurity
  • 11. 115 Questions Executives Should Be Asking Their Security Teams BYOD policies have exploded in the past five years, enabling employees to access company files on their own devices around the clock. According to a 2014 report by Check Point, however, more than half of IT executives reported that BYOD security incidents cost their organizations more than $250,000 in a two-year period.7 It is possible to continue to support BYOD policies without compromising security or breaking your budget. Ask security teams about current offerings’ single sign-on capabilities and self-service password management. Mobility management tools like Microsoft Enterprise Mobility Suite can keep employees connected to the apps they need, without compromising security. In a Microsoft Office 365 economic impact report by Forrester, 28% of enterprise users reported seeing an improvement in mobile data security, due to Enterprise Mobility Suite’s ability to remote-wipe data from lost devices.8 Is our BYOD policy secure? Additionally, Office 365 Mobile Device Management (MDM) can help secure your businesses devices from anywhere. Your IT team can manage mobile device policies, and perform a selective wipe of Office 365 data if an employee leaves your organization, saving your HR, IT, and security departments time and headaches. 7 Infosecurity Magazine: BYOD Security Incident Costs Exceed $250,000 8 Forrester report: The Total Economic Impact™ of Microsoft Office 365, October 2014 QUESTION 4
  • 12. 125 Questions Executives Should Be Asking Their Security Teams We needed to secure and manage the mobile devices and smartphones used outside the corporate network—as well as the data they contain. The Enterprise Mobility Suite delivers these capabilities in one, cost-effective package.” “ Kris Mampaey Director of IT Willemen Groep
  • 13. 135 Questions Executives Should Be Asking Their Security Teams Do you feel limited by your security budget or staff size? Enterprise security leads are tasked with hiring around-the-clock teams that must manage multiple security solutions and thousands of alerts each day. Are their budgets and hiring allowances within reason? When reviewing the durability of an enterprise’s security, leadership must make sure a generous budget is allocated toward rapid security development and evaluate whether any other budgets can shrink to meet these needs. Be it hiring management assistance, additional analysts brought on staff, or a boost in IT budget— find out what your security team needs, and make the changes necessary to ensure they can best do their jobs. QUESTION 5
  • 14. 145 Questions Executives Should Be Asking Their Security Teams Cybersecurity spending isn’t slowing down. Gartner reported that cybersecurity spending reached a record $75 billion in 2015 and anticipates it reaching $170 billion by 2020.9 9 Steve Morgan, Forbes :Cybersecurity Market Reaches $75 Billion In 2015; Expected to Reach $170 Billion by 2020
  • 15. 155 Questions Executives Should Be Asking Their Security Teams Have we managed our rogue cloud usage? What are we doing to protect against insider threats? Have we built our cybersecurity task force? Have we secured our BYOD policy? Does my security team have a sufficient budget? Fortunately, many of the tools your company already uses can supplement your security plan. Enterprise-supported file sync and share solutions like Microsoft SharePoint and OneDrive for Business can eliminate employees’ use of rogue clouds, while significantly improving the security behind files shared with partners and contractors. Assembling and communicating with a cybersecurity task force can be made easier with office communication tools like Skype for Business web conferencing and Exchange Online. Improve the security of your BYOD policy with mobile apps available for a variety of Office programs across Apple, Android, and Windows devices. Most importantly, all of these tools are available within your budget and likely familiar to your employees through Office 365. It’s time to talk with your security team.
  • 16. 165 Questions Executives Should Be Asking Their Security Teams Want more business tips? Dive inside the minds of business and technology innovators with Microsoft’s Modern Workplace webcast series: https://www.modernworkplace.com/ © 2016 Microsoft Corporation. All rights reserved.