Everyone in the C-suite has a stake in keeping their company’s intellectual property and internal communications secure, away from prying eyes. While Chief Security Officers (CSOs) are growing in popularity, CIOs are still the first line of defense to secure the technology and communication systems used by their employees.
As I work with various clients, the onboarding process now, uniformly, includes an in-depth orientation to their security protocols. What I can accomplish is less important than how I accomplish it.
The biggest buzzword during these introductions is “phishing” – messages designed to trick employees into entering their credentials into fake websites or forms that send the data to hackers.
And email isn’t the only risk area. Social media has become a breeding ground for phishing links. For example, two official Equifax tweets accidently included links to a fake Equifax site. To make things more embarrassing, this was in the immediate aftermath of a statement advising consumers that their data had been compromised.
It seems like the moment new protocols are distributed to employees, and new security patches are made, the hackers come back even stronger than before. CIOs have a lot on their plate. They’re already being stretched thin by the increasingly rapid pace of product development, rollout and upgrade.
CIOs are leveraging vendor relationships to deploy comprehensive security platforms.
The problem is that by the time a weakness is identified, it’s already too late. Imagine the farmer sticking his finger in the dike as water leaks through the damn. Eventually, the farmer runs out of fingers and the water bursts through.
The best solution that I’ve seen implemented is a comprehensive platform. Outside vendors have access to data about security threats being executed against a variety of firms. When they sign a new client, they use the feedback from their tools to update their systems in real-time.
This cloud-based threat monitoring and detection has been rolled out to consumers in the form of antivirus software, malware defense and firewall protection. Today’s businesses are taking note – even if it means loosening their tight grip. Of course, consumer-grade security software isn’t up to the rigors of Fortune 500s and their vast infrastructure.
CIOs can and should have an in-house Information Security team. But their efforts are greatly supplemented by the SaaS email security platforms that vendors are providing to today’s enterprise customers. And for SMEs, the cost-savings provided by a turnkey email security solution is a gamechanger.
CIOs are looking for a specific feature-set to protect their internal and external communications.
To better understand what CIOs of both Fortune 500s and SMEs are looking for, I connected with Mike Petsalis, CEO at Vircom. Their modusCloud is able to compile threat analytics from all of their clients, as well as international databases and provide end-to-end email communication security.
They advised that there’s a specific set of requirements security experts are looking for. They want:
- Time-of-click URL validation
- Malware analysis
- Email encryption, and
- Cloud archiving of communications
This allows for an email – often the weakest link in a company’s internal communication system because of its exposure to third-parties – to be thoroughly vetted upon arrival, engagement and transmission back to the outside world.
CIOs report that their organizations are more effective with these types of systems because the spam that clogs inboxes is filtered before it reaches the data center’s server. Heuristics-based analysis is used to virtually eliminate false positives.
CIOs have an inaccurate image of the array of bad actors looking to take advantage.
The average CIO is roughly 43 years old. This means that they first engaged with tech culture when Radio Shack was a major player in the PC business – selling Tandy 1000 TLs with exciting new technology, like a 3.5-inch floppy drive and DOS.
The “bad guys” of 1988 were college nerds like Steve Jobs and Woz, trying to hack their way into making free long-distance and international calls.
Today is a much less innocent time. Drug cartels are heavily investing in cybercriminal activity. There are entire markets of freelance malware architects and government-sponsored hackers creating viruses that are designed to penetrate virtually anything thrown up to deter them.
CIOs don’t need to take on these threats alone. It’s almost impossible. Crowdsourcing cybercrime is the new norm. Therefore, it’s important that CIOs leverage cloud-based technology that provides a defense to real-time security threats on a global scale. And in the traditional SMTP infrastructure, there are more potential security holes than CIOs have fingers.
This article is published as part of the IDG Contributor Network. Want to Join?