Cyber Security Insights For Executives

Uploaded on 2021-02-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Business leaders and theit exective teams may see cyber security as the IT departments problem and a priority only when an intrusion occurs, but the cyber threat never stands still. It’s always evolving and criminal groups capitalise on new technologies to identify targets and launch attacks on an industrial scale. If your business has not experienced a cyber attack in the past year, you are in a shrinking minority. 
 
According to a survey carried out by  the Information Systems Security Association (ISSA) 58% of senior cyber security and business managers say that their organisation’s executive level  commitment to cyber security is “very good,” the remaining 42% say that their organisation’s executives’ dedication and buy-in to cyber security is “satisfactory, honest, or poor.” 
 
Cyber Security Topics Executives  Think Are Important  
 
Data privacy -   Data privacy topped the list at 35%, and this makes sense given regulations like GDPR and CCPA. In the past, data privacy was handled by legal teams, but with the onset and growth of regulations, CISOs have been asked to operationalise data privacy.  In other words, security teams are responsible for things like data discovery, the introduction of new data security controls, and coordination around technologies for data deletion.  GDPR also comes with the potential for hefty fines, so executives are paying close attention.  
 
Cyber attacks -  Can affect the interests of all stakeholders, disrupting a company’s operations, affecting how its employees work and inflicting brand damage that can severely jeopardise customer loyalty and trust. A breach can also impact sensitive information related to clients, contractors and suppliers. And as tighter regulations are put in place, companies may be exposed to legal liability, making cyber security a key corporate governance concern for investors.  
 
The threat of cyber attacks is so severe that the World Economic Forum in 2018 declared cyber security the top business risk in Europe, North America, and East Asia and the Pacific. 
 
Continuous cyber security training is lacking  - When asked if their current employer provides the cyber security team with the right level of training to keep up with business and IT risk, more than half (56%) of survey respondents answered “no,” suggesting that their organisations needed to provide more or significantly more training for the cyber security staff.
 
Internal relationships need work -  While many organisations consider the relationship between cyber security, business, and IT teams to be good, it seems that 20% of cyber security professionals say the relationship between cyber security and IT is fair or poor (surprising given that 78% of cyber security professionals got their start in IT) and 27% of survey respondents claim the relationship between cyber security and the business is fair or poor.  The biggest cyber security/IT relationship issue selected relates to prioritizing tasks between the two groups while the biggest cyber security/business relationship challenge is aligning goals.
 
Many businesses still believe they are below the criminals’ radar, however, the growth in cyber crime enabled by automatic vulnerability identification mean that every business is a target. 
 
It’s not the nature of a business that attracts the interest of cyber crime groups. It’s weak defences and the opportunity these present to mount a successful attack.  Your incident response plan should allow you to respond effectively to a range of scenarios, such as an internal breach, external attack, accidental data sharing and loss or theft of a physical device. 
 
Planning For Future Cyber Security Issues:  
 
  • Do you have an incident response plan in place? 
  • Who will lead the incident response team? 
  • What will happen in the first 24 hours after a breach? 
  • Have you allocated enough resources to ensure an effective response? 
  • What external partners will you use to manage elements such as forensic investigation, public relations, legal affairs and the notification process in the event of a data breach? 
Threats from outside the company are a huge concern for cybersecurity teams, but there are significant threats inside company firewalls. 
 
The very people who are closest to the data or other corporate assets can often be a weak link in a company’s cybersecurity program, particularly when they share passwords or files over unprotected networks, click on malicious hyperlinks sent from unknown email addresses, or otherwise act in ways that open up corporate networks to attack. Indeed, threats from inside the company account for about 43 percent of data breaches. 
 
Cyber security must be the concern of every single employee from the CEO down to the receptionist,  because implementing the best cyber security practice isn’t just about firewalls and encryption, it’s about changing the entire culture of your organisation. 
 
Creating a work environment which is vigilant and proactive is the only way to truly protect your business. Although there is no such thing as perfect protection, as a business leader, you have the responsibility to significantly reduce the risks.
 
ISSA:        Grant Thornton:     McKinsey:        Tech Centry:      Chief Executive:      CSO Online:       Image: Unsplash
 
You Might Also Read:
 
Five Things Management Must Know About Cyber Security:
 
 
« Hackers Fail To Contaminate Florida Water
Every Employee Should Be Considered A Target »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV Informationstechnik (TÜViT)

TÜV Informationstechnik (TÜViT)

TÜViT is a leading service provider in the IT sector offering unbiased and independent tests and certifications of IT products, hardware, software, systems and processes.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

4Stop

4Stop

4Stop is a global KYC, compliance and anti-fraud risk management company.

Penacity

Penacity

Penacity, LLC provides strategic consulting technology services and Information Security Services to commercial and government organizations.

HCC Embedded

HCC Embedded

HCC’s mission is to ensure that data stored or communicated by an embedded IoT application is secure, safe and reliable.

Trusona

Trusona

Trusona is a pioneer and leader in passwordless two-factor authentication (2FA).

Norwest Venture Partners (NVP)

Norwest Venture Partners (NVP)

Norwest Venture Partners offer entrepreneurs a broad range of services to help them build their businesses at every stage of growth. Key sectors include AI, Infrastructure, SaaS and Security.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

Network Utilities (NetUtils)

Network Utilities (NetUtils)

Network Utilities provide identity centric network and security solutions to organisations from Telecoms and ISPs to SMEs and large corporates.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

Bloc Ventures

Bloc Ventures

Bloc Ventures is an investment company providing long-term, ‘patient’ equity capital to early stage unquoted deep technology companies.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.

Axiotrop

Axiotrop

AXIOTROP is a Cybersecurity firm offering leading services in assessment, remediation, and validation to protect the confidentiality, integrity, and availability of regulated information.