Preparing for the new norm: 2013 Guarding against a data breach survey

Dennis Brixius, vice president of risk management and CSO with McGraw-Hill, the New York-based global financial information and education company, knows all too well the need to ensure that organizations stay up and running. Mobile security issues became much more critical when Sandy hit, and his company lost a major data center in the heart of Manhattan, which resulted in 4,500 employees going mobile. While the company slowly is moving back to the data center, most of these staff have been working from home and the road since November, he says. 

Naturally for him, security is not just about putting together a security architecture or understanding all the nuances of a risk management plan. With cyber criminals focused on attacking today's key business resource, data, it is vital to understand where critical information is, how it flows and who is accessing it, no matter their location or the technology or service they are using.

“We actually exist because of business,” Brixius says. “So how do we get to the point to have an effective risk mitigation plan and communicate that to the board because they're becoming more concerned about security overall? Let's identify the data. Let's classify the data. Let's put retention policies around that data and then really think about who needs access to this data.” 

Pondering the future

This year's survey revealed that more CISOs actually are recognizing and espousing their stake in the business. And that trend is important since “technical people don't make business decisions,” says Rick Doten, CISO of DMI, a Bethesda, Md.-based provider of mobile solutions and services for smart devices.

An embrace of corporate needs by security pros also indicates that there is more understanding of “business risks from the departments, what data is important, what applications are critical, what behaviors are risky,” and what controls ultimately must be put in place, he adds, noting that “bringing the business into the process is critical.”

And with hacktivists, organized criminals, espionage actors, state-sponsored attackers and still others overrunning a wide variety of organizations' networks, making security a natural part of everyday activities has never been more central to an enterprise's success. This is why “strong risk management cultures that take systematic approaches to measuring risk” and then apply the appropriate resources to address the greatest dangers among them can remain viable even in the toughest times, says Rob Goldberg, vice president of audit services for information technology and eCommerce at Wal-Mart.

“The economy is an interconnected web with many interdependencies,” says Goldberg. “An attack on one or multiple pieces of that web can have widespread impact[s] on a country's welfare. Organizations that do not maintain diligence in this area make themselves the weakest link in the chain and put every other part of the web at risk.”
