IT security: 10 essentials for CIOs in 2021


Our rapid adoption of new digital tools during the past year makes security more important than ever. These best practices will help keep your data safe in 2021 and beyond.


The boundaries between traditional IT and cybersecurity are all but gone: Every key leader now has a stake in maintaining cyber resilience. But no role is more affected than the CIO. Here are some straightforward tactics to keep you grounded as you navigate security dangers in 2021.

1. Keep an adaptable mindset

One of the most effective and efficient things a CIO can do is to plan for rapid change and learn to improvise, adapt, and overcome any challenge. The threat landscape is dynamic and evolves constantly. Criminals are well-resourced and well-coordinated, and they have an army of automated tools at their fingertips to exploit the global economy. CIOs must remain vigilant at all times to ensure they are not next to be publicly called out for a breach that could have been prevented.


2. Join the wolf pack

Don’t be a lone wolf. Build and expand a community-based approach to cybersecurity. Join industry, regional, and topic-based organizations such as Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), as well as special interest groups. Security is a group effort. Start by forming a neighborhood watch.

3. Stay informed

Nation-state hackers target private corporations as well as countries. Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) can help here. Many cybersecurity providers offer freemium-level content that can provide high value at low to no cost. Consider evaluating commercial and government-provided threat intelligence, which can provide customized visibility into your unique use cases and be ingested into your larger architecture to include ITSM, SIEM, SOAR, or related technologies.


4. Learn to do less with more

Budgets are tighter than ever at organizations around the globe, and procurement scrutiny is at an all-time high. Over 75 percent of large enterprises have 16 or more security tools in the environment; some have up to 60 or more. Evaluate your core use cases and identify where you might trim the fat. Balance the pros and cons of best-of-breed solutions that can take a targeted approach and all-in-one tools that can be more cost-effective. Prioritize solutions that ultimately can reduce your bottom line. With proper analysis, key investments in critical areas can greatly reduce costs.

5. Align security and business strategy

A finite budget means hard tradeoffs. Fully understanding your risk tolerance, security maturity, and exposure will ensure the longevity and financial viability of your business. This is a high priority that comes with serious consequences, and it is too often overlooked.

6. Keep it simple, stupid (KISS)

The simpler the approach, the easier it will be to implement, use, and maintain, and the more likely it is to address the core problem. A proper cybersecurity skillset is hard to find. Using easy-to-use automated solutions to address complex problems will act as a force multiplier for your business.


7. Mind the human firewall

You can spend millions on security and over-communicate priorities horizontally and vertically and still fall victim to your weakest link: the human firewall. Maintaining vigilance and enforcing best practices with standardized governance will go a long way toward defending against social engineering and preventing a phishing email from causing your next data breach. You must continuously monitor and enforce this.

8. Maintain transparency

CIOs understand it is not if, but when, a data breach will occur. IT leaders must lead from the front. What matters is not what happens to you, but how you react to it. Being responsible also means being response-able.

9. Understand and assess your attack surface

Digital transformation is in full swing. In a single year, many corporations have advanced capabilities that might otherwise have taken 10 years. Cloud, IoT, 5G, AI, and other technologies that were once the stuff of sci-fi novels are now discussed daily in the boardroom. As you install these digital tools, don’t forget to also include the proper locks.

10. Security doesn't stop at your four walls

Even if you do everything perfectly, if your friends and family fail to do their part in maintaining security, the system will fail. Be sure to monitor and maintain security effectiveness across your entire ecosystem 24/7/365.


Brad LaPorte is Chief Evangelist at Kasada. He has more than 15 years of combined cyber security, product management, and business experience. Brad has been on the frontlines fighting cybercriminals and advising top CISOs, CIOs, CxOs and other thought leaders on how to be as efficient and effective as possible.
