Comment: Today’s Biggest Security Risk – Your CEO

CEO: A company's greatest security risk?
CEO: A company's greatest security risk?

CEO’s, listen up. You may be your company's greatest security risk.

PwC Group reports 42% of company leaders believe they are a frontrunner in security. This is a surprising statistic, considering the record number of data breaches and attacks occurring today.

The fact is executives have proven to be unaware of important business security risks. These CEOs are vastly overestimating just how hard it is to be a frontrunner in security.

Becoming a Security Leader is Hard Work

Major threat reporters like Verizon, SANS Institute and PwC agree: the challenges to security have never been greater, and companies have never needed to be more vigilant.

Verizon reported some 69% of data loss incidents come from internal actors. Increased use of personal devices, and employee carelessness with data, are all undermining the ability to secure information. But despite this, PwC reported that 18% of executives still do not know when information security becomes involved in major projects.

Even while misunderstanding the current security environment, 55% of executives plan to decrease their security budgets going forward. Only 32% of executives plan to spend anything on data loss protection this year, according to the recent PwC report.

This reduction in security spending flies in the face of all the most recent data. Data loss is a mounting problem for companies of all sizes, and CEOs should be actively trying to prevent this type of loss. Don't get comfortable spending more on anti-malware or other network security.

Only 36% of companies plan to spend on protection from physical data loss. It’s a strange decision, given that the most recent Verizon Data Breach Investigations Report (DBIR) shows physical attacks up 25% over the previous year.

Before they consider themselves to be frontrunners, executives need to make sure they are doing their research into the real security issues.

Every few months, Kaspersky releases the discovery of a new piece of malware capable of compromising enterprise security. What is most striking about this malware is just how repeatable the methods of attack are. Most of this malware employs modules that have been used for years, and they are capable of being protected against.

Don’t be Complacent

Survey any group of 100 drivers and 99 will think they are in the top 1% in terms of skill. Believing you are winning the security game works the same way. If you want to be a frontrunner in security, complacency is your enemy.

According to the previously cited PwC report, more than 40% of CEOs agreed: safeguarding information is easier when you know where it is – but agreeing to this fact is not enough. The most recent Verizon DBIR reported that 69% of data loss occurs by internal actors. This means companies are not doing enough to keep control of their data.

Security collection and protection is easier than ever, and there are a huge number of automated solutions available to protect data, capture sensitive content, and ensure compliance and audit reporting without killing your security team.

With so many options available to executives today, we need to rethink the importance of the human element. The fact is, there are plenty of technologies out there to secure data. Leadership can take their pick from content security, and data protection software that guard data and sensitive text from leaving an organization through email attachments.

Policies: An Inexpensive Way to Prevent Attacks

Beyond increasing company spending to secure critical information, companies can greatly reduce their chance of data loss simply by educating their workforce on the dangers. Remember the previously mentioned statistic: 69% of company data loss originates from within.

Beyond accidental data loss, many powerful pieces of malware also spread by employees ignorant of the dangers posed by strange emails and links with unknown origins.

This is perhaps the most tragic example of a big security win going to waste. Companies could greatly improve security by educating their employees on some very basic security policies. What better way to for an executive to position their organization as a leader in security than through an educated workforce?

The truth is most IT departments are aware of the proper technologies and security policies and are capable of implementing them. It is simply a matter of leadership having the foresight to protect their organization before a large data loss occurs, not after the fact.

Clement Cazalot is CEO of docTrackr, a document security as a service company

What’s hot on Infosecurity Magazine?