It is no secret that cybersecurity is today an essential facet of any business.
From emerging businesses to established organisations, irrespective of their size, reliance on IT is at the heart of almost every one of their operations. While investments in information technology and its infrastructure breathe life into a business, underpinning every aspect of a company’s operations and offering significant gains in efficiency, they are not fool-proof against cyber-attacks.
Undoubtedly, any CEO or business owner today faces the significant challenge of cybersecurity. The threat of cyber-attacks is a looming one for these CXO-level executives who understand the catastrophic results of a cyber-attack on their corporate systems – from compromised intellectual property to disruption in business operations and ensuing financial losses & reputational damage!
It is no surprise then that every business leader must invest time to fully comprehend and appreciate the risks associated with breached cybersecurity and give it the priority it deserves in today’s global business climate.
Unfortunately, most C-suite executives are ignorant of cybersecurity issues and the business risks that they entail. Even those who are aware of cybersecurity risks do not understand how to respond to these risks when a cyber-attack strikes. This unpreparedness often leads to flawed risk analysis and consequently wrong decisions that put the business at higher risk.
Here are a few things that every CEO must know about cybersecurity.
Firstly, it is essential to have information and understanding of the critical question: Who are the victims?
Studies and research data reflect the following information about the victims of cybersecurity breaches:
- Financial institutions are the most breached, accounting for almost 37% of breaches.
- They are followed by the Retail and Restaurant arena, which accounts for 24% of the violations.
- 20% of network breaches happen at Information technology & professional services businesses.
- About 20% of breaches involve manufacturing, logistics and utility businesses.
Next, it is imperative that they understand the question: Which are the primary sources of vulnerability?
This is a thought-provoking question that every CEO must have adequate knowledge to answer and address. The probable sources are best summed up by the findings of a 2013 report on the study of cybersecurity breaches, i.e.,
- 76% of cyber-attacks take advantage of weak or stolen credentials.
- 60% of the violations originate from unauthorised access by employees (both current and former), or through third-party vendors.
- In almost 69% of the cases, external parties such as customers brought these breaches to light.
- 41% of these breach cases resulted from “unapproved” hardware accounts.
An interesting thing to remember from past data on cybersecurity that could be very insightful to CEOs is the fact that 80% of these cyber breaches are meticulously planned and usually perpetrated during business hours. Almost 74% of these perpetrators are insiders to the business, either dealing with a rough financial patch (27%), or disgruntled and seeking revenge (23%). But the primary motivator for all cybersecurity breaches is, like in most other cases, a perceived financial gain (almost 81% of cases fall under this category!).
Remember: To achieve real cybersecurity with complete data resilience, it is imperative that you, as an Executive, combine and manage the monitoring, detection, and response activities with comprehensive disaster management, recovery and robust business continuity plans.
Now that you, as a CEO, are aware of these facets of cybersecurity, it is also crucial that you be mindful of the six common areas of information security that have a direct or indirect bearing on day-to-day business operations. These six areas are as follows:
- Compliance with applicable regulatory and policy requirements
- Privacy, and regulations that impose conditions to safeguard ‘Personally Identifiable Information’
- Brand Reputation
- Risk Management to withstand unforeseen events
- Supply Chain Security, to be better equipped to handle vulnerabilities in the supply chain
- Employee Awareness of security measures
Today, the stakes of a breach in cybersecurity are much higher than ever before. Not just identity theft, but critical infrastructure is at risk as organisations are operating in a progressively cyber-enabled. As such, CEOs need to take stock of the situation and ensure that their business is well-prepared to deal with these imminent cyber threats.
Here are a few tips for CEOs to be better equipped to deal with cybersecurity and ensuing threats for their organisations.
- Ensure that everyone in the organisation has proper cybersecurity education and is aware of the risks and mitigation plans.
- Identify, in order of priority, the most vulnerable nodes in your organisation’s information systems, place a value against each of them, and ascertain how much risk to these nodes the organisation is willing to absorb.
- Conduct a thorough and independent cyber risk assessment in line with compliance requirements and standards and identify gaps in your cybersecurity policies, procedures and plans.
- Set up rigorous access control guidelines (such as linking access to roles rather than people) for all prioritised critical areas and conduct rigorous tests of the robustness of these access policies.
- Ensure that your organisation has an appropriate 24x7x365 cyber breach incident response plan that includes monitoring, detection, and response capabilities.
- Encrypt all data sensitive to your organisation and apply the policy of segmenting production data from global level data.
- Enforce additional layers of cybersecurity through a mobile device security strategy, multi-factor authentication and encryption policies.
- Ensure your company has a well-documented plan to counter a network compromise, including a robust disaster recovery and business continuity plan.
- Make appropriate IT infrastructure and security investments for your company.
- Finally, treat cybersecurity like a regular crime and keep yourself updated on technology shifts and the latest cyber-threats!
Remember: Prevention and avoidance are the best strategies to avoid a possible cybersecurity breach.
No one expects you to be a cybersecurity expert just because you head the company and its operations, but a certain level of awareness and due diligence regarding cybersecurity threats goes a long way in preparing you to do your job as the business leader in a better way.