Cybersecurity in the Boardroom


One question in the NYSE Governance Services and Veracode survey of 200 directors across a range of industries asks whether cybersecurity matters are discussed at board meetings. But we need to examine not just whether cybersecurity is discussed but what is being said and decided about it.

According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  This finding is not surprising given the frequency of data breaches these days.  There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets. 
 
Of the directors surveyed, 80% say that cybersecurity is discussed at all or most meetings.  This finding appears to conflict somewhat with the surveys I discussed in an earlier post, which suggested that a larger share of boards were not focusing sufficiently on cybersecurity.

Security is complicated because it essentially requires each employee to act with a high level of awareness and vigilance, a state that is hard to sustain.  Over time, corners get cut, busy people do careless things and practices become sloppy.  That's human nature.  Complacency sets in, and staying on one's toes isn't an easy state to maintain.

The biggest risks to security are human errors: people putting data where it doesn't belong, people not following policies, people losing portable electronic devices with data on them, people falling for phishing and social engineering schemes.  These errors are best addressed through training.  Merely showing employees a PowerPoint, or putting them through a program that's the equivalent of an airline safety video, is a waste of time.  People must be engaged.  They must care.  And the message must be repeated over and over.  I recommend training throughout the year rather than just once.  Good security requires an awareness campaign, and that is much more than just telling people things.  It's about creating a culture within an organization.

The board of directors can do a lot more to help create the right kind of organizational culture.  Interestingly, the survey asked directors to indicate who should be held accountable in the event of a breach.  Most listed the CEO and CIO, with the CISO ranking fourth.
Teach Privacy: http://bit.ly/1K0ICCp
