Are Corporate Cyber Defenses Adequate?

Uploaded on 2017-07-13 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

It’s not just about the technology, stupid. That’s the collective message of the four expert commentators in this CFO Square-Off opinion forum, which addresses the issue of how CFOs and their corporations should be addressing cyber-security in the face of rapid advances on the hacking front. 

Instead, finance chiefs should be focusing on their companies’ systemic risks rather than just software.

However, many companies are failing to address cyber-security adequately because they tend to undervalue it financially, merely categorising it as they would value it as a physical asset. 

Instead, argues Gigamon’s Kevin Magee, they should take note of the financial losses that could occur when cyber-security is weak.
“Today, it’s likely that some of a company’s most valuable and vulnerable assets don’t even appear on the balance sheet. How much is your email database really worth? Probably not much in conventional accounting terms. But consider what its value might represent if it were completely locked down and made inaccessible by ransomware or hacked and placed on Pastebin for anyone in the world to download and peruse?” Magee reasons.

Such corporate myopia results in a failure to see the big picture, according to Bob Shaker of Symantec
Many companies “are just realising that their defense posture is targeted at preventing malware and insider attacks, not cyber-attacks,” he writes. “The technology they’ve deployed is patchwork consisting of solutions from multiple vendors that doesn’t work together.”

Another source of defensive weaknesses is complacency, driven by the notion that hackers are targeting bigger fish than one’s own company. Adding to that distraction is the constant sense stemming from the 2016 presidential election that cyber-security is a government matter. But yesterday’s attacks on the government are becoming today’s attacks on your company, observes Agari’s Markus Jakobsson.
“In the current political environment, it seems we’ll be focused on Russia for some time to come,” Jakobsson writes. “It would be beneficial if the scrutiny is not limited to their involvement in 2016, but also how to prevent these attacks in the future, for both the private as well as the public sector. Ultimately, the private sector can’t rely on the government to solve this problem.”

SecBI’s Gilad Peleg agrees. “Government initiatives to secure the private sector are almost always insufficient, because it’s impossible to gauge the security stance of each and every company and recommend (or order) the implementation of specific security means,” he contends. 
“To do so would require a nationwide cyber-security federal auditing task force, and no one wants that.”

CFO

You Might Also Read:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

Cybersecurity Is Too Important To Leave To IT:

Cybersecurity Trends For Boards & Directors:

 

« AI For Effective Healthcare Cyber Resilience
Who Is Behind Petya? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

Inogesis

Inogesis

Inogesis helps blue-chip organisations harness disruptive technologies and thinking to drive new revenues or overcome challenges by connecting them with dynamic small companies.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

Austrian Institute of Technology (AIT)

Austrian Institute of Technology (AIT)

AIT is Austria's largest research and technology organisation and a specialist in the key infrastructure issues of the future including data science and cybersecurity.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

GAVS Technologies

GAVS Technologies

GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

SilverEdge Government Solutions

SilverEdge Government Solutions

SilverEdge is a next generation provider of innovative and proprietary cybersecurity, software, and intelligence solutions for the Defense and Intelligence Communities.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.

Complete Cyber

Complete Cyber

Complete Cyber provide professional cybersecurity services and products to help secure your infrastructure, systems and data.