There is no doubt that improving the cybersecurity of your company is more important than ever.
Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Hackers are always looking for new ways to target organizations, steal their data and extort them.
Because tech leaders, and CTOs in particular, carry the main responsibility for preventing leaks and reducing threats, we want to give an overview of the most effective actions you can take as a tech leader to improve the cybersecurity of your company.
Cybersecurity is a key issue that has been rising in importance over the last few years. The internet and computer networks are integral to our society and economy, with almost every company on the planet having a web presence.
Cybersecurity is not just about preventing attacks. It is also about designing systems that keep working and keep data protected when an attack does get through, and about detecting and containing breaches quickly.
The main problem is that there are more incentives for attackers than ever before: companies spend millions on cybersecurity products every year, yet many of them still fall victim to an attack.
As a tech leadership academy, we have some great alumni and current leaders with us. We reached out to them for recommendations, and here is our collected list of the best advice.
Andrew Ryan, Head of Development, UK
Make sure to communicate potential security threats, including (and perhaps especially) ones involving social engineering – that’s key to improving the cybersecurity of your company.
Not everyone in the company will have as high a level of tech literacy and awareness of these things, let alone know what a cyber defense strategy is, so don’t take it for granted.
Anecdotally, I sent an email blast to the entire company warning of scam emails from people pretending to be clients or even other staff members. Not two hours later, our CEO had a message from an acquaintance on LinkedIn asking for his input on something, if he could click a link. My email set alarm bells ringing. He phoned the guy directly and indeed, his account had been hacked and was sending out phishing messages.
Jim Mortensen, CTO / CIO, USA
“After doing a couple dozen buyer/investor-side technical due diligence projects over the last 9 months, I see 6 consistent gaps in the security practices of organizations.”
We’ve turned these points into actionable items:
Many companies fail to train employees on how to recognize and avoid attacks. As attackers become more skilled, it is important to do all we can to protect ourselves from these threats. Strong, unique passwords (ideally kept in a password manager), two-factor authentication, and securing inboxes against phishing should all be on the training list.
Keep your website and other internet-facing systems secure. A regular external vulnerability scan helps you find exposed services, outdated components and missing security controls, and fix them before they become a major problem.
Penetration testing simulates an attack on a system or network. Penetration testers are asked to try to get into the company’s systems, whether through social engineering, exploiting technical weaknesses, or other means. The goal is to learn where you are actually vulnerable before real attackers do. Automated tools such as www.invicti.com or www.getastra.com/pentest can cover part of this, but they complement rather than replace a manual test by a skilled tester.
Whether it is PCI DSS, HIPAA, or GDPR, companies of all sizes must know which regulations apply to them and meet their requirements. Treat compliance as a baseline for protecting data, not as proof that the data is secure.
Manage and oversee the vendors you collaborate with. Their security weaknesses can easily become your security incidents.
Protecting your company starts with a robust, well-maintained IT infrastructure. That is why it is important to regularly assess the risks in your systems and take steps to minimize them.
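As an added illustration of the external vulnerability scan item above (this is example code written for this page, not code from CTO Academy, Jim Mortensen, or any scanner vendor), here is a small Python audit of the HTTP security headers that such scans typically report on. The two sample responses are constructed for the example, and the thresholds (such as a 180-day minimum for HSTS max-age) are common practice rather than a standard; a real scanner checks far more than headers.

```python
"""Audit HTTP response headers for common web-hardening gaps.

Added example, not code from CTO Academy or its contributors. The sample
responses below are constructed; the thresholds are common practice.
"""
from __future__ import annotations

import re
import sys
import urllib.error
import urllib.request
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (severity, message)

# 180 days is the usual minimum scanners accept for HSTS max-age (assumption).
HSTS_MIN_AGE = 180 * 24 * 3600


def _max_age(value: str) -> int:
    """Return the max-age directive of an HSTS header value, or 0 if absent."""
    m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else 0


def audit_headers(headers: Dict[str, str]) -> List[Finding]:
    """Return (severity, message) findings; header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[Finding] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("high", "Strict-Transport-Security header missing"))
    elif _max_age(hsts) < HSTS_MIN_AGE:
        findings.append(("medium", "HSTS max-age shorter than 180 days"))

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append(("medium", "Content-Security-Policy header missing"))

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("low", "X-Content-Type-Options: nosniff missing"))

    # Clickjacking: either the legacy header or the CSP directive is acceptable.
    if "x-frame-options" not in h and "frame-ancestors" not in csp.lower():
        findings.append(("medium", "No clickjacking protection (X-Frame-Options or CSP frame-ancestors)"))

    # Version numbers in banners make an attacker's fingerprinting easier.
    for banner in ("server", "x-powered-by"):
        value = h.get(banner)
        if value and re.search(r"\d", value):
            findings.append(("info", f"{banner} header leaks a version: {value}"))

    return findings


def audit_url(url: str, timeout: float = 10.0) -> List[Finding]:
    """Fetch a URL and audit its response headers (needs network access)."""
    req = urllib.request.Request(url, headers={"User-Agent": "header-audit-example/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return audit_headers(dict(resp.headers.items()))
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry headers
        return audit_headers(dict(err.headers.items()))


# Constructed sample responses: a typical unhardened server and a hardened one.
WEAK_RESPONSE = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Content-Type": "text/html; charset=utf-8",
}
HARDENED_RESPONSE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Server": "nginx",
    "Content-Type": "text/html; charset=utf-8",
}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = {sys.argv[1]: audit_url(sys.argv[1])}
    else:
        results = {"weak sample": audit_headers(WEAK_RESPONSE),
                   "hardened sample": audit_headers(HARDENED_RESPONSE)}
    for name, findings in results.items():
        print(f"{name}: {len(findings)} finding(s)")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```

Run with no arguments to audit the two constructed samples offline; pass a URL to audit a live site you are authorized to test. The point of the severity labels is triage: a missing HSTS header on a login page matters more than a Server banner, and a scan is only useful if someone owns fixing what it finds.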
Paul Clegg, CTO, UK
Start simple. Start with people. They’re a double-edged sword. Their awareness and behavior are paramount before implementing specific tools, e.g. our most basic tool is company values.
For example, our values are professional, focused, creative, and collaborative. We’ve given our team examples of behaviors that support staying secure in relation to company values.
Morgan Davies, Software Development Manager, UK
The best way to avoid security issues is to get InfoSec involved in the design and development process of software. If security is only considered after features are developed, vulnerabilities will get through.
We can measure:
Josh Lopez, CTO, UK
As was mentioned here already, security awareness training is of paramount importance.
Zero trust is also critical for improving the cybersecurity of your company. You’ll have to implement network segmentation within the environment with least permissive access always.
A shift I have also seen is not if you will be hacked, but when.
Ensure your incident response plans are adequate and test them. See how long it takes you to detect, respond, contain, and recover from an attack. Many companies invest in AV, IDS/IPS technology, among many others, but the human response is weak.
Although these tools are essential, as well as frequent vulnerability management and mitigation, making sure you are able to really respond to an incident effectively is key.
Remember, it’s not if you will get hacked, but when!
You can try software like Riot. We just started using it and it is a really amazing tool.
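As an added illustration of the zero trust and network segmentation point above (example code written for this page, not code from CTO Academy or from Josh Lopez), the Python model below expresses least-permissive access as a default-deny policy: a flow between segments is permitted only if an explicit rule matches, and an audit flags rules that are broader than they need to be. The segments, addresses, rules and the invariant that only the app tier may reach the database are all constructed assumptions; real enforcement lives in firewalls, cloud security groups or Kubernetes NetworkPolicies, and a model like this is useful for reviewing and unit-testing the policy before it is deployed.

```python
"""Default-deny segmentation policy: explicit allow rules, everything else denied.

Added example, not code from CTO Academy or from Josh Lopez. The segments,
addresses and rules are constructed for the example; the policy invariant
(only the app tier reaches the database) is an assumption used to show
least-permissive access.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed network segments (assumption, not a real environment).
SEGMENTS = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "web": ipaddress.ip_network("10.20.0.0/24"),
    "app": ipaddress.ip_network("10.30.0.0/24"),
    "db": ipaddress.ip_network("10.40.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str                 # segment name, or "any"
    dst: str                 # segment name
    ports: Tuple[int, ...]   # allowed destination ports; () means any port
    comment: str = ""


# Least-permissive allow list: every flow not matched here is dropped.
ALLOW: List[Rule] = [
    Rule("office", "web", (443,), "staff reach the web tier over TLS"),
    Rule("web", "app", (8080,), "web tier calls the app tier"),
    Rule("app", "db", (5432,), "only the app tier talks to Postgres"),
    Rule("office", "app", (22,), "admin SSH (a bastion would be better)"),
]

# The flat-network 'before' state: one rule lets everything reach the database.
FLAT: List[Rule] = [Rule("any", "db", (), "legacy: whole network can reach the database")]


def segment_of(ip: str) -> Optional[str]:
    """Map an address to its segment, or None if it is outside the known ranges."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, dst_port: int, rules: List[Rule] = ALLOW) -> bool:
    """Default deny: a flow is permitted only if an explicit rule matches it."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # addresses outside the known segments are never trusted
    return any(
        r.src in ("any", src) and r.dst == dst and (not r.ports or dst_port in r.ports)
        for r in rules
    )


def audit_rules(rules: List[Rule]) -> List[str]:
    """Flag rules that are broader than least privilege requires."""
    problems: List[str] = []
    for r in rules:
        if r.src == "any":
            problems.append(f"-> {r.dst}: source 'any' ({r.comment})")
        if not r.ports:
            problems.append(f"{r.src} -> {r.dst}: all ports ({r.comment})")
        if r.dst == "db" and r.src != "app":
            problems.append(f"{r.src} -> {r.dst}: non-app segment reaches the database tier")
    return problems


if __name__ == "__main__":
    flows = [
        ("10.30.0.5", "10.40.0.9", 5432),   # app -> db, allowed
        ("10.10.4.2", "10.40.0.9", 5432),   # office -> db, denied
        ("10.20.0.3", "10.30.0.3", 22),     # web -> app on SSH, denied
        ("192.168.1.1", "10.20.0.3", 443),  # unknown source, denied
    ]
    for src, dst, port in flows:
        print(f"{src} -> {dst}:{port} {'ALLOW' if is_allowed(src, dst, port) else 'DENY'}")
    print("audit of segmented rules:", audit_rules(ALLOW) or "no problems")
    print("audit of flat rules:", audit_rules(FLAT))
```

The design choice worth copying into real tooling is that the unknown case is a denial: an address that belongs to no segment, or a flow with no matching rule, is dropped rather than waved through, which is what "least permissive access always" means in practice.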
Improving the cybersecurity of your company clearly has both technical and human elements.
The security of your organization depends on the people within it. There are many systems, processes, and tools that can defend against attacks, but if your team is not trained to prevent or recognize them, the chance of a successful attack only grows.
If you want to improve your tech leadership, consider signing up for one of the CTO Academy courses or subscribing to our newsletter.
Stay safe,
Copyright © 2024 - CTO Academy Ltd