Intelligent CIO Europe Issue 12 | Page 44

business ‘‘ TALKING //////////////////////////////////////////////////////////////////// Justin Coker, Vice President EMEA, Skybox How do we segregate security teams? In addition to the IT network, the security teams responsible for keeping the attack surface protected must also be split. The challenge of this is two-fold: First, with fewer members on each new team there will inevitably be the creation of a knowledge gap in both organisations and, second, there will be fewer people to deal with a similar number of attacks on the networks. To counteract these challenges, organisations need to get all employees up to speed with risks in both entities to ensure attacks don’t slip through the cracks and it's likely they need to hire additional staff to fill the resource void. Security solutions are also available which can highlight the highest priority risks using automated data correlation and recommend the defences and controls that should be put in place to mitigate the risks of shared services and networks. This way, security teams are able to prioritise where to focus their efforts and make better use of human resources. Are we at risk of non-compliance? A huge concern for the CFO of an organisation on the brink of divestment is the potential regulatory impact, so 44 INTELLIGENTCIO this must be clearly understood. As a new network perimeter is planned and introduced, the security teams need to establish whether this produces any compliance gaps. With shared network assets, it is important to ensure any changes made are not resulting in a breach of regulation and that changes are implemented within the timescales demanded by the regulators. Using automated change assessment, security teams can ensure network changes happen quickly and that the organisation remains regulation-compliant, so the divestment process keeps to the schedule. Using this type of tool also means that any changes haven’t exposed any new vulnerabilities. Although traditionally viewed as the sole responsibility of the CISO, thanks to “ digitalisation, cybersecurity has infiltrated every aspect of business operations, including divestments and other activities that fall under the remit of the CFO. By using the latest solutions in visualising network and security infrastructures as well as their risks, IT aspects of divestments can be concluded more quickly – and the life of the CFO can be made significantly easier. This approach helps smooth divestment operations for finance directors by ensuring security and compliance risks are properly identified, understood and dealt with strategically. Doing so will mean that any possible monetary and reputational risks caused by a cyberattack – during the divestment or at a later date – will be avoided and will safeguard the future of both companies. n ALTHOUGH TRADITIONALLY VIEWED AS THE SOLE RESPONSIBILITY OF THE CISO, THANKS TO DIGITAL- ISATION, CYBERSECURITY HAS INFILTRATED EVERY ASPECT OF BUSINESS OPERATIONS. www.intelligentcio.com