Image Credit: Photo by NeONBRAND on Unsplash
CIOs have known for a long time that their firms are under assault from outside forces. Your company has developed a vast warehouse of valuable information that outsiders would love to be able to get their hands on. As the company’s CIO it is your job to prevent this from happening. However, in order to perform this task successfully you are going to have to make sure that you are aware both of the threats that you are facing as well as the ways that you can defend yourself.
What Are The Threats That CIOs Are Facing?
CIOs can’t defend themselves against people who want to break into their company’s networks unless they have a good understanding of just exactly what that threat looks like. One of the greatest threats that CIOs have to deal with right now is that their company’s employees have a great deal of access to the company’s applications and data. At the same time that this access has been granted to so many employees, the rise of the nation-state hackers who want to break into your company’s systems has dramatically increased. The four greatest threats come from Russia, China, North Korea, and Iran.
CIOs need to understand that one of the weakest points in the wall of security that they have constructed around the company are the company’s employees. The bad guys understand the importance of information technology and are spending their time trying to find ways that they can exploit our employees in order to gain access to the company’s systems. The employees are so valuable because they have legitimate access to the company’s system. As CIOs we need to spend our time trying to determine how we can limit people’s unnecessary access to company systems no matter if those systems deal with intellectual property, sales or marketing data, or new product development.
How Can CIOs Deal With Evolving Cyberthreats?
Dealing with evolving cyberthreats means that CIOs are going to have to change the way that they think about what they are up against. Unfortunately one of the things that we’re going to have to do is to understand that when there is an attempted break in to our network, we may no longer be able to get to bottom of understanding who was behind the attempt. In all honesty, we need to get comfortable with the fact that it may not matter who is trying to break in. What does matter is that as the person with the CIO job, we are able to keep the bad guys out.
The person in the CIO position needs to spend their time wisely. What we need to be doing is keeping our focus on the techniques, the tools, and the people that we have in order to determine what the bad guys are really after. What you are going to want to be doing is trying to get inside of the head of the hackers. CIOs need to understand that what they are dealing with is not really a technology problem but rather a people problem. People are the ones who want to gain access to the information that your company has. This access will provide them with information that they don’t currently have.
The reason that they are trying to get their hands on your information is to give them an edge in the world of business. This means that you are going to have to think about what the bad guys are trying to get out of you and your company. Once you understand this, you’ll be able to put the technology controls in place to stop them. Get this right and you can prevent problems from happening in the first place.
What All Of This Means For You
The bad news is that cyberthreats are real. As CIO we need to understand that our companies are under assault from outside forces who want to find a way in. Your company has a great deal of valuable information and customer related data that outsiders would love to get their hands on. It is the responsibility of the CIO to both understand the threats that we are facing and come up with ways to defend against them.
The challenges that CIOs are facing are changing. The greatest threat that CIOs are currently facing comes from the company’s employees. At the same time the rise of nation state hackers is causing the threat level to the company to increase. The company’s employees have a great deal of access to the company’s applications and data. This makes them one of the company’s biggest weak points. CIOs need to look for ways to reduce the amount of unneeded access that employees have. CIOs have to adjust their thinking and understand that they may no longer have to understand who is trying to break in as long as they can keep them out. The outsider threat is really a people problem. CIOs need to spend time trying to get into the heads of hackers and understand what their motivation is. Understanding what the bad guys want is the key to creating the systems that will keep your network safe.
The good news for CIOs is that it is possible to keep their networks safe from outside forces. The challenge is that this is by no means an easy thing to do. What we need to do is to take the time to try to understand the motivations of the people who are trying to break into our networks and then create defenses that will keep them out. If we can take the time to truly understand what we are up against, then we’ll be able to provide our companies with the security solutions that they need.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™
Question For You: What do you think would be the best way for a CIO to be able to get into the mind of a hacker?
Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
So just exactly what is this “friendship” thing? For that matter how important is it? For most CIOs, friendship is very important. We’d all like to have as many friends as we possibly can. However, in this day and age we often indicate our friendship with someone by “friending” them in online social media sites. As both you and I know, friendships can change over time and so that brings up the big question: should we friend people at work if we may just end up un-friending them online later on?