Cybersecurity in the Boardroom

screen-shot-2015-05-28-at-3-27-26-pm.png

The question on the NYSE Governance Services and Vericode Survey of 200 Directors in different industries focuses on whether cybersecurity matters are discussed at meetings, and we need to examine not just whether cybersecurity is discussed but what is being said and decided about it.

According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  This finding is not surprising given the frequency of data breaches these days.  There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets. 
 
Of the directors surveyed, 80% say that cybersecurity is discussed at all or most meetings.  This finding appears to conflict somewhat with some of the surveys I discussed in my post, where it seemed that a greater percentage of boards were not focusing sufficiently on cybersecurity.

Security is complicated because it essentially requires each employee to act with a high level of awareness and vigilance, a state that is hard to sustain.  Over time, corners tend to get cut more, busy people tend to do more careless things and practices tend to become sloppy.  That’s human nature.  Complacency sets in.  Being on one’s toes isn’t an easy state to maintain.

The biggest risks to security are human errors — people putting data where it doesn’t belong, people not following policies, people losing portable electronic devices with data on them, people falling for phishing and social engineering schemes. These errors are best addressed through training.  Merely showing employees a PowerPoint, or putting them through a program that’s the equivalent to an airline safety video is a waste of time.  People must be engaged.  They must care.  And the message must be repeated over and over.  I recommend training throughout the year rather than just once.   Good security requires an awareness campaign.  And that is much more than just telling people stuff.  It’s about creating a culture within an organization.

The board of directors can do a lot more to help create the right kind of organizational culture.  Interestingly, the survey asked directors to indicate who should be held accountable in the event of a breach.  Most listed the CEO and CIO, with the CISO ranking fourth.
Teach Privacy: http://bit.ly/1K0ICCp

« Magnitude Exploit Kit Adobe Flash Player Vulnerability
Hackers Invade Hospital Networks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

Wooxo

Wooxo

Wooxo provides business security and continuity solutions to protect business data for organisation of all sizes.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Axence

Axence

Axence provides professional solutions for the comprehensive management of IT infrastructure for companies and institutions all over the world.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

Cyber Crucible

Cyber Crucible

Cyber Crucible is a cybersecurity Software as a Service company definitively removing the risk of data extortion from customer environments.

TuxCare

TuxCare

TuxCare make Linux more secure. We take care of Linux so that organizations can use Linux to support environments that require high levels of Cybersecurity, stability, and availability.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.

Interpres Security

Interpres Security

Interpres Security operationalizes TTP-based threat intelligence and automates continuous exposure monitoring to help CISOs and security practitioners reduce threat exposure.