The Sixth Question(s) Today’s CEOs Should Ask (& Know the Answers To)

Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams.

In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the type of answers teams should be providing.

This week we dive into the question(s):

What percentage of critical data is known and encrypted? &  Why is this question important as a CEO?

The clearest and most recent example is the Equifax breach. This breach resulted in more than 145 million Americans having their private information stolen. Equifax failed to encrypt this data set and that failure made the data usable by the perpetrators of the crime. One control could have actually prevented the data from being usable regardless of the underlying vulnerability that resulted in the breach itself.

As a CEO, it’s not important that you understand HOW cryptography actually works. (Although we welcome more of you to understand the technology that enables security, we certainly don’t expect you to.) However, you ARE responsible for the data and should know that encryption is in use for all critical data.

The first step would be to know whether or not critical data is accounted for by having an inventory. You can’t protect what you don’t know about and the team will have work to do to discover it and maintain the program around it. Being in a “known state” is a huge step to having a successful program and ensuring your critical corporate and customer data is protected in the event of a breach.

Knowing the percentage of data encrypted will help you track whether or not you have the right budget, resources, and efforts assigned to the protection of your data. Having encrypted data sets is a great way to mitigate lots of attacks. As long as it is properly managed, it becomes very difficult to crack it and read the contents rendering the data useless from a profit or intelligence perspective.

There are a number of different methodologies to encrypt data. Your team should be able to answer any questions you have as a follow up to this one but thinking of critical data locations and whether or not they are encrypted is a great way to ensure that, even if breached, it will remain protected. It’s also the right thing to do and doesn’t cost a ton. It’s one of the most cost effective measures a team can take to protect themselves.

Think of encryption as the fail safe when all other measures to protect your data have failed. That’s an oversimplification but I think you get the point.

The post The Sixth Question(s) Today’s CEOs Should Ask (& Know the Answers To) appeared first on Carbon Black.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
Promoted Content
7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Everyday companies put more of their assets in digital form. Healthcare records, retail purchases and personnel files are just some of the many examples of how our entire lives have moved online. While this makes our interconnected lives more convenient, it also makes them more vulnerable to attack. The monetary benefits of exploiting these vulnerabilities have created an extremely profitable underground economy; one that mimics the same one we all participate in and has led to an increase in the sophistication and frequency of attacks. At the same time, mobility and cloud are changing the security landscape. We’ve moved from a centralized to a decentralized model as end users increasingly work on-the-go and access critical business applications and resources from anywhere. As such there is more emphasis on the endpoint and individual identities - from both the defender and the attacker - than ever before. As endpoints become smarter, new challenges emerge: emerging ransomware and 0-day exploits infect all kinds of systems with ease, while many attackers use no malware at all to accomplish their malicious goals. With all this change, we spoke to 7 leading security experts to identify what’s working and how they’ve influenced their organization to make the necessary changes before becoming the next victim.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?