There are more than 1 billion websites on the internet. Just as that figure continues to grow at a dizzying rate, so, too, do concerns over website security.
Safeguarding digital assets is of central importance for virtually all global enterprises. Effective and secure websites are the lifeblood of the modern economy, but online payments and other forms of data sharing provide cyber criminals with lucrative targets at which to take aim.
Unfortunately, we have grown accustomed to the flood of data breaches and identity thefts in the news — and those are just the ones that become public. Business leaders determined to avoid falling prey to a potentially calamitous cyber event must make cybersecurity a core priority, rather than treating it as the information technology department’s concern. That starts with prioritizing a skilled, well-trained security workforce on the front lines of protecting enterprises’ precious information assets.
Investing in cybersecurity
Without a clearly explained return on investment, investing in cybersecurity can be difficult for executives to accept. It is critical to make business-related arguments that address business continuity and customer trust and that clearly link investment to the organization’s business objectives.
Even for those organizations whose boards of directors recognize that cybersecurity investment is a business imperative, implementing a robust security program is an enormous challenge. Given the ever-growing number and sophistication of cyber threats, finding the right security professionals can prove an exasperating exercise. ISACA’s 2016 State of Cybersecurity Report showed that it takes 27 percent of organizations six months to fill a cybersecurity position — an unacceptable duration given the threats lurking in today’s landscape.
Simply waiting for qualified professionals to come knocking on the door is unrealistic. Enterprises should encourage upskilling among their current security workforce, either by offering training opportunities or by encouraging employees to pursue pertinent industry certifications.
Enterprises also should be mindful that security by design is more cost-effective than security that is patched around systems. With the appropriate frameworks in place, and with response and recovery taken as seriously as prevention and detection, a robust and holistic security program can be established.
Technological advantages
Bear in mind, cyber criminals are not the only ones capable of taking advantage of improved technology. Enterprises also can benefit from new and evolving methods for keeping pace with threats.
Leveraging modern mobile payments is a worthwhile consideration for enterprises and consumers alike who are concerned about protecting data during transactions. Advancements in mobile payment security technology — specifically the use of tokenization, device-specific cryptograms and two-factor authentication — can provide important security benefits that result in decreased instances of identity fraud and lower costs.
While it is important to keep an eye on what is new, emphasizing tried-and-true security fundamentals also goes a long way. Ensuring the appropriate design and effectiveness of controls is key to cyber-securing websites: controls to identify critical assets, to protect them with preventive controls at the web application, operating system, network and infrastructure layers, to detect attacks, to respond to them and eventually to recover from breaches.
There is much that can and needs to be done to promote effective website security. The threat landscape may be daunting, but leaving an organization’s reputation and future viability to chance is not an option.