This article originally appeared on Chief Executive. Click the link below for the full version.
Cyber defense is no longer a compliance initiative — it’s now a CEO and board-level topic. When we see leading brands like Marriott with healthy security budgets get owned by the threat actors we should all take note that what we put in place yesterday — or even today — isn’t good enough, unless it has a dynamic and future-proof roadmap.
CEOs should initiate a comprehensive security review that encompasses technologies, procedures, and general system health. All too often cybersecurity is approached from a defensive posture where parameters are built around existing systems. Even when best-of-breed technologies are used, cybersecurity is a complex set of layers that should work collaboratively but may require stand-alone review. Policies should be regularly audited, systems must conform to those policies, and defensive measures must be in place to ensure anomalous events are recognized and acted upon.