What's on Your BOD's Mind? First, Security. Then, Security.
April 27, 2021
by Paul O’Dell, CPP Partner
In my role at CPP, I am very fortunate to speak with many IT leaders within our customer base about their priorities. Almost 100% of the time it’s security. They are being challenged by their businesses, their customers and their board of directors. The majority will tell me it’s the first item of discussion on a board meeting agenda. How secure are we and can we stop an attack? Second item: how do we get back to normal if we are attacked? (The third item – AI initiatives to drive revenue or reduce costs – will be covered in a future article.)
So think about it. If the first two questions in your board meeting are about security, where should you be devoting the majority of your time?
It's not an "all or nothing" world, and you can't sign away your responsibility to secure your data or your customers' data. It's just not possible, no matter what anyone tells you. Unless you sell your company, you can't transfer that responsibility. That was made abundantly clear at the Congressional hearings back in late February, which largely consisted of finger-wagging from legislators and finger-pointing by executives of SolarWinds, Microsoft, and FireEye. It's also worth noting that AWS declined the invitation to testify, even though its infrastructure was reportedly used, along with others', to stage the attack.
All that being said, you have to have a plan of action, and it has to be updated continuously to stay a step ahead of the bad actors. There are thousands of tools out there, and it is not easy to assess which combination is best for the unique needs of your business and your industry. Some overlap between tools is fine, but the goal is coverage with no gaps: layered protection chosen deliberately rather than piled on.
Our team has done a lot of investigating and has successfully helped clients shore up their defenses.
So, What Happens When I am Breached?
You can be breached anywhere: your own data center, your private cloud, their cloud ("everywhere a cloud cloud," as the jingle goes...). The key is to follow a stringent and disciplined approach to protecting your data so that you can recover. "3-2-1" is still the rule that makes the most sense: three copies of your data, on two different media types, with one copy kept offline (air-gapped) so that an attacker who reaches production cannot reach it too. Do you have this set up right? How often do you test a restore? Are you confident it's a fail-safe level of protection? Will you hold up under the pressure you will be in when a breach happens and seconds matter?
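To make "do you have this set up right?" a question you can answer from your backup inventory rather than from memory, here is an added example (not code from the original post or from CPP) that checks a set of backup copies against the 3-2-1 rule and verifies a restored file against the digest recorded at backup time. The inventory format, the `BackupCopy` fields and the sample payload are all constructed for the example; plug in whatever your backup software actually reports.

```python
# Added example: 3-2-1 backup policy check plus restore verification.
# Not from the original post; the inventory format and sample data are constructed.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup set as recorded in a (hypothetical) backup inventory."""
    name: str
    media: str       # "disk", "tape", "object-storage", ...
    offline: bool    # True if air-gapped / not reachable from production
    sha256: str      # digest recorded when the copy was written


def check_321(copies):
    """Return a list of policy violations; an empty list means 3-2-1 holds."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        problems.append(
            f"only one media type ({', '.join(sorted(media)) or 'none'}), need 2")
    if not any(c.offline for c in copies):
        problems.append("no offline (air-gapped) copy")
    # All copies of the same set must agree on content; a lone outlier is
    # corruption or tampering, and you want to know before you need to restore.
    if len({c.sha256 for c in copies}) > 1:
        problems.append("copies disagree on content digest")
    return problems


def verify_restore(restored_data: bytes, recorded_sha256: str) -> bool:
    """A restore test only counts if the restored bytes match the recorded digest."""
    return hashlib.sha256(restored_data).hexdigest() == recorded_sha256


# Constructed sample data so the example runs offline.
PAYLOAD = b"customer-db-2021-04-27.dump (constructed sample content)"
GOOD = hashlib.sha256(PAYLOAD).hexdigest()

COMPLIANT = [
    BackupCopy("primary-san", "disk", False, GOOD),
    BackupCopy("s3-replica", "object-storage", False, GOOD),
    BackupCopy("tape-vault", "tape", True, GOOD),
]
# Two snapshots on the same array, always online: looks like redundancy, fails 3-2-1.
WEAK = [
    BackupCopy("san-snap-1", "disk", False, GOOD),
    BackupCopy("san-snap-2", "disk", False, GOOD),
]
# Three copies on three media with an air gap, but the tape copy's digest is wrong.
CORRUPT = COMPLIANT[:2] + [BackupCopy("tape-vault", "tape", True, "0" * 64)]

if __name__ == "__main__":
    print("compliant:", check_321(COMPLIANT) or "OK")
    print("weak:", check_321(WEAK))
    print("corrupt:", check_321(CORRUPT))
    print("restore ok:", verify_restore(PAYLOAD, GOOD))
    print("restore tampered:", verify_restore(PAYLOAD + b"!", GOOD))
```

Run this from a scheduled job against the real inventory and treat any non-empty result as an incident, not a report line; the point of the digest check is that a backup nobody has verified is a hope, not a recovery plan.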
Have you set up a Maginot line, or something that will stand up to a formidable opponent, and will you be able to respond when it is tested?
Your job and your company will depend on it. It's the first two board items for a reason. Reach out if you would like to talk. Give us 30 minutes of your time and we will provide invaluable advice and guidance. We have done so for hundreds of companies and are more than happy to add you to that list.