Aligning people, process and technology
"There are plenty of organisations that are spending hundreds of millions on security a year, but they still get breached," said Crucq. "This just shows that they have breached the fundamentals of security."
"There is no silver bullet to security, and such incidents are bound to happen. When that happens, you need to be able to respond in a standard way. You need to have the right skill set to find out what's happening, whose involved, what information has been leaked and for how long the attack has been going on," he added.
In order to obtain such strong visibility, CIOs should be mindful to adopt a holistic view on security. This means making sure that the three "stars", or elements - people, process and technology - are aligned.
"You can have the best technology, but if you don't have the people to operate it, it's useless. On the other hand, if you have the people to operate the technology, but if you don't have the processes in place, it's still chaos," explained Crucq. "Aligning these three elements can help you to better protect, detect, respond and mitigate cyber attacks."
Responding to such security attacks, companies should adopt an agile security framework. In order to do so, companies should provide a "different layer of intelligence" on top of that to create a holistic view. This can include assessing the threat intelligence capabilities and integrating all these assets to improve overall security, said Crucq.
He also pointed out that investing in information security is crucial as it helps provide companies with the right systems and tooling in place to offer the right information at the right time. However, it is imperative for them not to simply and blindly buy technology. "Think first about what you are doing and how you want to go about doing it. This includes ways of implementing, operating and managing it," advised Crucq.
Sign up for Computerworld eNewsletters.