Illusive Blog January 18, 2016

Navigate The Cyber Security Discussion In The Boardroom

By The Illusive Networks team


With so many high profile cyber crimes and security compromises hitting the news, most companies today are snapping out of the “it could never happen to me” mindset.

Cyber security threats have become an inseparable part of boardroom discussions, and CIOs must be prepared to respond to executive concerns and queries about data breaches.

The question remains—how well will your security plan hold up to this kind of scrutiny?

Tweet: Do you actually have a proactive approach for stopping #CyberCriminals once they’ve gained a foothold in your infrastructure?  The time has come for every CIO to prepare for a boardroom cyber security discussion. As you review your presentation, ask yourself the following — does it feel more like a reactive, fingers-crossed scenario, or do you actually have a proactive approach for stopping cyber attackers once they’ve gained a foothold in your infrastructure?

The Reactionary Approach to Cyber Security

Traditional cyber security strategies have focused on deploying an increasing number of security solutions—firewalls, intrusion prevention, threat detection, web app firewalls and more—all with the hope of keeping attackers at bay.

Unfortunately, it’s become fairly apparent that cyber security threats are bypassing these expensive security solutions with ease. They’re baiting employees with phishing schemes, launching DDoS attacks, and loading malware—just to name a few.

With major breaches occurring at Anthem, Experian, JP Morgan Chase and Sony, it’s clear that any company could be under fire.

Tweet: Here's a 3 question quiz we created to test your #CyberSecurity knowledge >>Here’ a short 3 question quiz we created based on Ponemon and IBM’s 2015 Cost of Data Breach Study: Global Analysis to test your cyber security knowledge:

Simply deploying numerous cyber security solutions doesn’t seem to be slowing cyber crime down; clearly, companies need to turn the tables on these attackers.

By taking a more proactive approach, you can increase your protection levels and change the way you talk about cyber security with the board.

The Benefits of Adopting a Proactive Cyber Defense Strategy

Imagine this scenario: you’re called in front of the board to discuss the state of your security program and provide details on the attack vectors used in a recent attempt to compromise your network.

Rather than providing a list of excuses and non-answers because your defenses have been compromised, you can confidently explain how well your defenses held up and what happened when they were attacked.


By augmenting traditional security approaches with deception technology, you can gain new insights into the human behaviors behind persistent attackers.

This will force them to take false steps as they navigate through your network so you can characterize their methods, trace their steps and stop them before they reach their intended goal.

While Gartner believes that a proactive approach to cyber security threats using deceptions is still in its early stages, research shows that deception technology can vastly improve the defenses that you already have in place.

More importantly, deception technology gives you an added advantage at stopping cyber security threats in their tracks – and learning about warning signs very early in the process.

Have You Had the “Security Talk” with Your Board Yet?

Knowing how many cyber attackers are actually getting through the network, and being able to clearly see how they are carrying out their attack, helps everyone involved prioritize security investments on a continuous basis.

Being able to talk to the board when you’re equipped with intelligence about real threats the company is facing changes the nature of the discussion. It enables the group, as a whole, to examine the types of APTs the organization must defend against, and strategize with respect to preventing a full breach.  

CIOs armed with meaningful insights from all of their security systems can have a much more informative and actionable conversation. Being able to talk from a position of strength is critical for any security organization—regardless of how the talk begins.


Recommended reading for you: