Cybersecurity in the Boardroom


The NYSE Governance Services and Veracode survey of 200 directors across a range of industries asked whether cybersecurity is discussed at board meetings. That is the wrong place to stop: we need to examine not just whether cybersecurity is discussed but what is actually being said and decided about it.

According to the survey, about two-thirds of directors are less than confident about their company's cybersecurity. This finding is not surprising given the frequency of data breaches these days. There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets.

Of the directors surveyed, 80% say that cybersecurity is discussed at all or most board meetings. This finding appears to conflict somewhat with some of the surveys I discussed in my earlier post, where it seemed that a greater percentage of boards were not focusing sufficiently on cybersecurity.

Security is complicated because it essentially requires every employee to act with a high level of awareness and vigilance, a state that is hard to sustain. Over time, corners get cut, busy people do careless things and practices become sloppy. That's human nature. Complacency sets in. Staying on one's toes isn't an easy state to maintain.

The biggest risks to security are human errors: people putting data where it doesn't belong, people not following policies, people losing portable devices with data on them, people falling for phishing and social engineering schemes. These errors are best addressed through training. Merely showing employees a PowerPoint, or putting them through a program that is the equivalent of an airline safety video, is a waste of time. People must be engaged. They must care. And the message must be repeated over and over. I recommend training throughout the year rather than just once. Good security requires an awareness campaign, and that is much more than just telling people things. It's about creating a culture within an organization.

The board of directors can do a lot more to help create the right kind of organizational culture. Interestingly, the survey asked directors to indicate who should be held accountable in the event of a breach. Most listed the CEO and CIO, with the CISO ranking fourth.

Teach Privacy: http://bit.ly/1K0ICCp
