Corporate Compliance Insights

4 Unhelpful Assumptions Damaging Business Security

It’s Time to Confront These Long-Held Beliefs

by Steve Durbin
September 4, 2020
in Cybersecurity, Featured

Organizations are under an ever-growing host of threats. We’re seldom as safe as we think. Information Security Forum’s Steve Durbin outlines some standard beliefs it’s time to call into question.

While the internet is an essential business conduit for countless organizations, it also harbors many serious security threats. Cybercrime is positively thriving in the midst of a pandemic that has caused major disruption across the globe. The specter of state-sponsored attacks, the rapid proliferation of connected devices and the difficulty of securing disparate networks spanning countless cloud services have fostered an ideal environment for cybercriminals.

Business losses due to cybercrime data breaches are expected to top $5 trillion by 2024, according to Juniper Research – an increase of almost 70 percent from 2019. With 5G networks on the horizon offering greater connectivity and speed, the threat of targeted campaigns by cybercriminals looms large, and concerns about the damage malicious insiders can wreak are growing.

Complicating these threats, and throwing up barriers to solving them, are some widely accepted business paradigms that need to be challenged.

1. Overreliance on Technology Over People

Digital transformation has progressed rapidly across the business world, and it has brought many benefits, but the rush to embrace technology as a panacea for all problems has led to overreliance upon it. Organizations will happily set aside big budgets for security software, but – with skilled professionals in short supply – they may lack the internal knowledge to configure it properly and extract maximum value from it.

The reality is that people are often the easiest way for cybercriminals to gain access to data. The success of social engineering scams and the major role phishing plays in infiltrating networks point to a need to invest less in technology and more in people. It’s not enough to have strong security policies in place; companies must ensure that employees are fully cognizant of the guidelines.

Security awareness training should be regular and compulsory for everyone. Follow-ups and mock phishing tests can provide valuable data on whether the training is sinking in properly and highlight candidates for further work. Particularly now, when more people than ever before are working at home (often in insecure environments and using personal devices), instilling good security hygiene is vital.

2. Faith in Business Continuity or Disaster Recovery Plans

Many organizations believe the best way to get through a crisis is with a business continuity plan, and the importance of disaster recovery plans is widely accepted. The problem with putting a lot of faith in business continuity plans is that they rarely cater to long-term problems. The focus is usually on dealing with a bump in the road and then returning to “normal” as swiftly as possible. But what if the goalposts have moved? How do organizations adjust to a new normal?

While it does make sense to plan for different scenarios, it’s crucial to foster genuine agility and resilience in a business. All employees, not just security professionals, should be empowered to assess, highlight and proactively tackle security risks before they develop. Businesses must be adaptable, which requires a flexible mindset and the ability to change gears and throw out false assumptions based on emerging evidence.

3. The Board Always Knows What’s Best

Corporate boards should contain plenty of experience and wisdom, but business leaders are every bit as susceptible to common worries as the rest of us. While boards may perform admirably in familiar situations, setting a course based on past experience, what happens when businesses sail into uncharted waters? The idea of the omnipotent board can lead to disaster.

To combat this, organizations should maintain a clear and concise vision of business-critical functions. It must be transparent what data, resources and systems are essential. Everyone in the company must take responsibility for protecting this valuable core and weigh in with their opinions. The idea of boards shutting themselves away and issuing commands without proper input from everyone concerned is deeply flawed. Security must be woven into the fabric of the organization so that it is factored into the daily life of every employee.

4. Compliance with Regulations Means the Organization is Secure

As technological disruption has gathered pace over the last few years, regulators have struggled to keep up. It is a legal duty to ensure compliance with regulatory frameworks, but it is not a guarantee of safety and security. For global businesses, there’s a complex, ever-evolving set of regulations to keep up with. Focusing too much on compliance as an end goal can cause companies to take their eye off the ultimate motivation, which is to secure data.

Adhering to legal regulations is not optional, and no business can afford to ignore them, but leaving security planning up to external institutions and regulators is risky. Businesses should adopt an integrated approach, ensuring compliance, but also approaching risk management from an educated perspective, with the right talent placing business-critical functions at the forefront.

These assumptions will be deeply entrenched at many organizations and may prove difficult to challenge, but they must be challenged if companies are to secure a healthy future in such uncertain times.


Steve Durbin

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments. Previously, he was Senior Vice President at Gartner.
