ltimately, cybersecurity must ensure that there are proper and effective controls in place to protect an orgainzation’s sensitive business assets, especially the data that differentiates and sustains the business. Over the past two decades, however, the industry has been influenced by both a mistaken belief and an unfortunate reality.
The mistaken belief is that there is some kind of magic bullet to wipe out the constant barrage of threats against these assets. With today’s advanced persistent threats (APTs) providing a level of sophistication that can easily dance around individual cybersecurity capabilities, leaders now realize that only an equally sophisticated and integrated approach that spans multiple risk management controls can succeed.
The unfortunately reality is that to properly protect the organization’s assets, the cybersecurity leader needs to know where all those assets are. Alarmingly, many organizations don’t even know where their sensitive business data is, particularly the copies stored in unstructured form on local devices and machines.