7 business security tips from leading infosec experts

10 Jan 2022


To start off the year in a strong security position, we rounded up some of the best advice from top experts and leading CIOs.

Throughout 2021, we spoke to many CIOs, CTOs and security and data experts about the trends they see coming down the line in their industry and their thoughts on digital transformation. We also asked them to share their top security advice for companies and business leaders.

As we begin a brand new year, now is a great time to review your security processes and infrastructure and heed the advice of these thought leaders.

Create clear infosec policies

One of the top tips that came up time and time again was to ensure you have clear security policies for your internal staff.

Almost every security expert we spoke to said that proper cybersecurity and the risk of an attack both come down to the human element.

“The human element is often the weakest element in a company’s cyber defences,” said Steve Cairns, CIO of Exigent. “It’s also important to ensure that they are as well informed as possible to spot suspicious activity, such as a phishing attack or a social engineering call.”

Vicki Reynolds, CTO at i3PT, also spoke about the importance of properly trained staff. “Sometimes it’s not realistic to have the highest infosec restrictions in place, especially if you’re a start-up or a smaller organisation, and so it’s critical that staff are trained appropriately – you’re only as strong as your weakest link.”

Properly classify data

One of the most important elements of protecting your company’s data is to know what you have and to have it properly classified. That’s according to Glassdoor’s Bhawna Singh and Epam Systems’ Sam Rehman.

“It’s important that we have a process in place to continuously identify and classify sensitive data so we can apply the right security measures and control access to it. Have log trails set up for any sensitive data access,” said Singh.

Rehman agreed and said leaders should “start with knowing what is critical” to the business. “Inventory and classify your data, understand what is important to you and then put the right and practical controls in place – with practicality and efficiency being the key.”

Adopting zero-trust

Adopting a zero-trust model has been high on the agenda for security experts for many years now, so it’s no surprise that it continues to be one of the top tips for businesses.

BairesDev CTO Lucas Hendrich said it’s essential that organisations adopt a zero-trust strategy. “This strategy considers that breaches will happen and contains them, versus banking on all-or-nothing protection behind a firewall.”

IBM’s CIO Kathryn Guarini also supports a zero-trust framework, which has been adopted by Big Blue and includes advanced identity protection, vulnerability management and threat detection.

“We are [also] adopting security-by-design approaches in the development of our IT solutions to ensure they are foundationally secure against growing threats. And we are adopting IBM’s confidential computing technologies to protect sensitive data at all times.”

Think about cloud security

The last two years have seen a massive migration to the cloud, a move that has been broadly seen as a good thing from a security point of view.

However, because this move happened so quickly due to the pandemic, some experts have warned that cloud security must not be forgotten.

“More data and workloads in the cloud also means there are additional systems with additional data to secure. The same is true when using a private cloud,” said Mitel’s CIO Jamshid Rezaei.

“As organisations continue to make these shifts, it’s important that they have a dedicated security team who’s well versed in current standards and knows how to work within the current framework.”

Learn from others

Many CIOs and thought leaders in the infosec space say it’s not a case of ‘if’ but ‘when’ you will suffer a breach.

Add to that the evolving technology used by bad actors and it’s vital that security professionals are not trying to guard the castle alone.

Goal Global’s CTO Janet Humphreys said her team tries to stay on top of new trends in managing emerging risks, works with many partners to stay ahead and learns from the corporate sector.

“Learning from others is important for us as an agency committed to continuous improvement,” she said.

Invest in infrastructure

When it comes to budget, pumping a lot of money into what can often be seen as a preventative measure may seem costly. However, suffering a breach or a cyberattack can be far more expensive to a business.

Pure Storage’s Cathleen Southwick spoke about the importance of investing in proper security infrastructure. “It’s critical that CIOs invest in secure infrastructure such as confidential computing, the virtual private cloud, and rapid backup and recovery systems,” she said.

Take a security platform approach

When security teams are understaffed and have to work on multiple tools that don’t communicate with each other, it can be easy for them to burn out when they’re facing attacks from bad actors who are relying on automation.

Palo Alto Networks CISO Niall Browne said progressive security leaders have noticed they can prevent themselves from falling further behind if they pivot to security platforms.

“This security platform approach allows for all these security technologies (endpoint, server, network) to communicate with each other on the platform and embrace the desperately needed automation,” he said.

“This now enables thousands of security decisions to be made in real time, to now protect the business against adversaries that are relentless and ever evolving.”


Jenny Darmody is the editor of Silicon Republic