There is a story in the Bible about four horsemen who signal a coming apocalyptic event. It presents them as signs of upcoming doom, a way of telling a story to explain when a bad event is going to happen. In cybersecurity I have my own four horsemen: the four signs that your cybersecurity posture is in grave danger.
The most fundamental and serious issue that signals a problem is a disaffection with or misunderstanding of cybersecurity in the higher ranks of the company. If you are an executive and you do not demand direct involvement in your cybersecurity by your staff, then you are asking for an eventual major cybersecurity event. If you are not involved, get involved today. It is not too complicated, and if you still have a problem then get help, whether inside or outside the company.
You do not have a qualified security authority on your team. This means no CISO, a CISO that cannot perform the duties, or a CISO that is not allowed to implement a comprehensive cybersecurity policy (very common). Any of these will be deadly for your company and will increase in importance moving forward. Make sure you have a CISO, make sure they are qualified, and make sure they have the ear of the executive staff.
There is no comprehensive written cybersecurity policy for every part of your company. You can have all of the ideas and positions you want, but if the policy is not written and communicated to the entire company then it will do you no good. Simply put, your cybersecurity policy is your roadmap on how to get to the next phases of your plan. It is a living, breathing document with true relevance to the entire organization. If you do not have one, or have an old one, there should be an initiative to start working on it today.
A passive "leave it up to my IT department" attitude. I talked about this one here. This last one will bite you when you least expect it. The IT department is important, but it is only one element in your cybersecurity posture. The real danger is thinking they will protect you and forgetting about cybersecurity. Nothing could be further from the truth. This is why companies with huge IT budgets get breached all of the time. Look at Equifax. Get started on moving responsibility for cybersecurity to the functional departments where it belongs. It is not that hard, and it will work better with your IT department.