Given the accelerating frequency of data breach announcements and the fallout that occurs when discovered, the historical approach taken by many organizations to addressing known weaknesses is not working. Our premise is that many corporations need to consider fundamental changes in approach to cyber risk that goes beyond their current endeavors.
Protecting the company is much more than installing the latest firewall or virus scanner, because people are both a key risk and the key asset in reducing overall cyber risk
In this paper we discuss six key practices – that both address recently exposed weaknesses as well as fundamental changes beyond – that leading companies are now taking to improve their cyber defenses:
1. Move beyond a castle-defense model
2. Harden your data assets
3. Migrate from APIs to secure APIs
4. Don’t just secure, verify
5. Make security a primary design requirement
6. Upgrade your cyber risk culture and accountability structure
