Strategy

Why companies need to practice due diligence for cybersecurity

September 2, 2021
When the Office of Personnel Management hired its first CISO more than five years ago after the high-profile hack by the Chinese, that was an important nod to cyber’s growing importance, but today’s columnist, Reuven Aronahvili of CYE, argues that organizations have to go a step further and practice due diligence around all aspects of cybersecurity. (Photo by Mark Wilson/Getty Images)
  • What's at stake: How does the company use data? Who accesses that data and how? Where and how does the data get stored and move around the network? By assessing data inventory, companies will gain deeper insights into which areas need strengthening, and which areas are most vulnerable.
  • Where are the vulnerabilities: Armed with information on vulnerabilities, security teams can consider ways to mitigate them. Audit the security systems in use and have been used in the past and determine the track record of each. Security leaders can then deliver clear information to executives about the vulnerabilities, as well as their plans to mitigate them.
  • How to protect: When organizations are cognizant of the risks they face, they can better determine the resources they need to invest in cybersecurity.
prestitial ad