“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”—Sun Tzu

When it comes to protecting your company’s sensitive systems and data, do you truly know your enemy? Showy hacktivists, out for nothing more than a flashy outage and media attention, are the foes who most easily spring to mind, but they’re only the tip of the iceberg. The greatest threats to corporate network and data security are 1) those who seek to intrude undetected into your systems and 2) your accidentally careless and complacent employees who let them. These intruders are patient, they’re meticulous, and they’re eyeing what you have and are planning to get it, 24/7.

By now, we should all be aware of the inadequacies of passwords. Breach after breach, it's been made painfully clear that single-factor authentication is not enough. But when the traditional means of authentication are so clearly flawed, what’s the next step?

Generally speaking, the best practice is to step-up your security with either two-factor or multi-factor authentication. As these standards have quickly become essential parts of the information security toolkit, they've also become top-of-mind considerations for many IT and security pros.

Now that you’ve used the points outlined in the last installment of our series to discuss with your CEO how important security is to both your organization’s bottom line and your CEO’s job, it’s time to begin the process of education. There are several realities about security that your CEO must understand as you work toward a modernized security strategy that will optimally protect your organization from outside threats and inside vulnerabilities.

Eliminating or reducing the number of passwords in the enterprise remains a top focus of management and security professionals alike. While single sign-on technologies, such as password managers, identity federation, and operating system-based technologies, that reduce and simplify the number of passwords have been in use for years, the number of passwords and emerging technologies to address the problem has also increased.

Intruders Thrive on Complacency.

When it comes to the threat landscape, nothing makes information security teams shudder more than complacent users, whether they be employees, partners, vendors, or customers. Yearly security and awareness trainings have become all the rage (rightly so), helping to check off boxes on company compliance audits. However, all too often, new users or even seasoned veterans can be caught off-guard and open the door to evildoers.  

In the first installment of our series on security and the CEO, we discussed the dangerous disconnect between the rosy view of security held by the C-suite and the much grimmer reality seen in the trenches of IT. Today, we’re going to talk about the consequences of executive overconfidence in your information security program.

The digital transformation of the last two decades has placed cybersecurity front and center on the CEO agenda. Customers now place vast quantities of personal information into the hands of businesses, with the expectation of a certain amount of privacy and confidentiality in exchange. The ability to meet this expectation is crucial in order for a business to retain customers and build its brand.

So, what does 2017 have in store for the security industry? While there’s no crystal ball that can tell us for sure, we’ve got our eye on a few key trends.

Entering a new year, we always take a look at what the latest in identity and access management  (IAM) and cybersecurity threats means for the security industry. This year, we specifically focused on answering three key questions:

A recent survey conducted by Accenture found that over the past year, roughly one in three targeted attacks resulted in an actual security breach. When you consider that the average company faces more than one hundred focused attacks launched against them every year, these numbers are alarming. This equates to more than 30 successful data breaches every year against a single company, with just one data breach having the potential to result in millions of dollars in losses.

*Disclaimer: This article originally appeared on IDG Connect. 

Over the past few years, Governance, Risk, and Compliance (GRC) have become three of the hottest topics in Information Technology circles. The growing demand for compliance with federal and state laws, as well as industry best practices, has necessitated a closer look at IT governance, as well as solutions that help to ensure an organization has invested their time and efforts wisely, through management and implementation of such technologies as access control, data protection, and identity provisioning and management. Proper design, application, and usage of these key technologies (and others) help to control necessary risk management activities and ease the efforts that are required to remediate or address areas where compliance is lacking.