Information today is a core component of business differentiation; the value and control of the information now has a direct impact on financial and reputational elements of a business. The attacks on organisations are becoming increasingly sophisticated, with innocuous looking documents and images becoming the carriers of targeted Advanced Persistent Threats (APTs) on the way in, and tools for concealing critical information on the way out.

Fortunately, security technology has evolved alongside the threatscape to help combat new age cyber risks, but a traditional ‘stop and block’ data loss prevention (DLP) approach is not viable given our reliance on technology for business operation as it hinders communication flow and organisational agility.

The protection and security of information is not the sole responsibility of the CISO alone. The CISO maybe the custodian of information protection, but the information owners are the CISO’s peers; HR, Operations, Sales, Marketing, amongst others. Each of these individuals needs to take equal responsibility to ensure that malicious and negligent access in the sharing of critical information is minimised as part of their own and their team’s activities.