Everyone talks about cybersecurity strategy. The need is apparent and the risks are real — for both external and internal threats. Internal breaches have escalated and now make up 75% of cyberattacks. Stemming from the hands of employees, people talk about insider risk less despite the rising numbers, and prevention strategies may tend to focus more on the wrongly perceived bigger dangers of malicious external hackers. That’s a big miss.
Equally problematic is this: According to a May 2018 survey, a large number of companies fail to implement defined security strategy in place, and many CEOs fail to take preventative action. For all the hype about cybercrime, that’s a large number of unprotected businesses that are approaching their security without a well-developed plan. Even with a carefully developed strategy, there’s one element of the plan that is often missed.