The C-Suite is beginning to wake up to the reality that cybercrime poses the highest risk to the organization and requires the greatest focus to truly protect it.
There’s a scene in Tron: Legacy where Sam Flynn breaks into Encom’s data center to steal a copy of Encom’s latest operating system. While the stuff of great action movies, it’s just not realistic; it’s MUCH easier for a skilled hacker to “break in” via a remote access trojan (RAT), some lateral movement around a network, and the exfiltration of the desired files. No lock picking, flashlights, running from security guards, or, in Sam Flynn’s case, BASE jumping from the top of a building.
And while the physical security of a data center is still important, recent data from the Center for Cyber and Homeland Security at Auburn University highlights the shifting of focus by CEOs away from physical security in favor of cybersecurity.
According to the report, when asked to compare physical security to cybersecurity, the following prioritization came to light:
- Importance – 86% of CEOs prioritize Cyber over Physical
- Budget – 83% prioritize Cyber over Physical
- Personnel – 83% prioritize Cyber over Physical
- Strategy – 86% prioritize Cyber over Physical
The largest factor in this prioritization, according to the report, was the findings of internal risk assessments.
There are three great insights from this data. First, organizations are doing internal risk assessments of both physical and cybersecurity. Second, cybersecurity is found lacking in comparison to the nature and frequency of cyberattacks. And third, CEOs are realizing that something needs to be done.
Organizations seeking to identify and reduce cyber risk should leverage solutions designed to manage Governance, Risk, and Compliance (GRC). GRC solutions help to document policy, identify internal and partner/vendor risk, monitor the progress of risk response, and ensure controls are in place in accordance with internal and compliance mandates.