Today’s tools and software as a service make high powered, widely deployed capabilities possible without the involvement of the Information Technology or Information Security groups within your organization. These types of activities may be very effective in terms of speed, but may put large amounts of data at risk if not handled properly. The hosting organizations may not have as rigid a security posture, and the service agreement may not specify immediate and automatic notification of any type of cyber compromise.
Making sure the corporate information assets are protected is everyone’s job, and the board of directors and C-Suite should create a culture of security awareness that is pervasive and second nature over time. Only by working together can we minimize the potential for an attack or compromise.