Are Corporate Cyber Defenses Adequate?

Uploaded on 2017-07-13 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

It’s not just about the technology, stupid. That’s the collective message of the four expert commentators in this CFO Square-Off opinion forum, which addresses the issue of how CFOs and their corporations should be addressing cyber-security in the face of rapid advances on the hacking front. 

Instead, finance chiefs should be focusing on their companies’ systemic risks rather than just software.

However, many companies are failing to address cyber-security adequately because they tend to undervalue it financially, merely categorising it as they would value it as a physical asset. 

Instead, argues Gigamon’s Kevin Magee, they should take note of the financial losses that could occur when cyber-security is weak.
“Today, it’s likely that some of a company’s most valuable and vulnerable assets don’t even appear on the balance sheet. How much is your email database really worth? Probably not much in conventional accounting terms. But consider what its value might represent if it were completely locked down and made inaccessible by ransomware or hacked and placed on Pastebin for anyone in the world to download and peruse?” Magee reasons.

Such corporate myopia results in a failure to see the big picture, according to Bob Shaker of Symantec
Many companies “are just realising that their defense posture is targeted at preventing malware and insider attacks, not cyber-attacks,” he writes. “The technology they’ve deployed is patchwork consisting of solutions from multiple vendors that doesn’t work together.”

Another source of defensive weaknesses is complacency, driven by the notion that hackers are targeting bigger fish than one’s own company. Adding to that distraction is the constant sense stemming from the 2016 presidential election that cyber-security is a government matter. But yesterday’s attacks on the government are becoming today’s attacks on your company, observes Agari’s Markus Jakobsson.
“In the current political environment, it seems we’ll be focused on Russia for some time to come,” Jakobsson writes. “It would be beneficial if the scrutiny is not limited to their involvement in 2016, but also how to prevent these attacks in the future, for both the private as well as the public sector. Ultimately, the private sector can’t rely on the government to solve this problem.”

SecBI’s Gilad Peleg agrees. “Government initiatives to secure the private sector are almost always insufficient, because it’s impossible to gauge the security stance of each and every company and recommend (or order) the implementation of specific security means,” he contends. 
“To do so would require a nationwide cyber-security federal auditing task force, and no one wants that.”

CFO

You Might Also Read:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

Cybersecurity Is Too Important To Leave To IT:

Cybersecurity Trends For Boards & Directors:

 

« AI For Effective Healthcare Cyber Resilience
Who Is Behind Petya? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

PortSwigger

PortSwigger

PortSwigger's Burp Suite is an integrated platform for performing security testing of web applications.

National Security Agency (NSA) - USA

National Security Agency (NSA) - USA

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Perception Point

Perception Point

Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Our platform offers 360-degree protection against any type of content-based attack.

bwtech@UMBC

bwtech@UMBC

The bwtech@UMBC Cyber Incubator is an innovative business incubation program that delivers business and technical support to start-up and early-stage cybersecurity/IT products and services companies.

National Authority for Electronic Certification and Cyber Security (AKCESK) - Albania

National Authority for Electronic Certification and Cyber Security (AKCESK) - Albania

AKCESK ensures security for trusted services, in particular reliability and security in electronic transactions between citizens, businesses and public authorities.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

Phished

Phished

Phished is an AI-driven platform that focuses on the human side of cybersecurity. By combining fully automated training software with personalised, realistic simulations of cyberattacks.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

ITUS Secure Technologies

ITUS Secure Technologies

ITUS offer fully outsourced cybersecurity solutions working with leading security vendors, providing next-gen solutions.

Two Candlesticks

Two Candlesticks

Two Candlesticks is a global cybersecurity service provider delivering high level consultancy, strategy, and frameworks to governments, regulators and midsized companies.