Are Corporate Cyber Defenses Adequate?

Uploaded on 2017-07-13 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

It’s not just about the technology, stupid. That’s the collective message of the four expert commentators in this CFO Square-Off opinion forum, which addresses the issue of how CFOs and their corporations should be addressing cyber-security in the face of rapid advances on the hacking front. 

Instead, finance chiefs should be focusing on their companies’ systemic risks rather than just software.

However, many companies are failing to address cyber-security adequately because they tend to undervalue it financially, merely categorising it as they would value it as a physical asset. 

Instead, argues Gigamon’s Kevin Magee, they should take note of the financial losses that could occur when cyber-security is weak.
“Today, it’s likely that some of a company’s most valuable and vulnerable assets don’t even appear on the balance sheet. How much is your email database really worth? Probably not much in conventional accounting terms. But consider what its value might represent if it were completely locked down and made inaccessible by ransomware or hacked and placed on Pastebin for anyone in the world to download and peruse?” Magee reasons.

Such corporate myopia results in a failure to see the big picture, according to Bob Shaker of Symantec
Many companies “are just realising that their defense posture is targeted at preventing malware and insider attacks, not cyber-attacks,” he writes. “The technology they’ve deployed is patchwork consisting of solutions from multiple vendors that doesn’t work together.”

Another source of defensive weaknesses is complacency, driven by the notion that hackers are targeting bigger fish than one’s own company. Adding to that distraction is the constant sense stemming from the 2016 presidential election that cyber-security is a government matter. But yesterday’s attacks on the government are becoming today’s attacks on your company, observes Agari’s Markus Jakobsson.
“In the current political environment, it seems we’ll be focused on Russia for some time to come,” Jakobsson writes. “It would be beneficial if the scrutiny is not limited to their involvement in 2016, but also how to prevent these attacks in the future, for both the private as well as the public sector. Ultimately, the private sector can’t rely on the government to solve this problem.”

SecBI’s Gilad Peleg agrees. “Government initiatives to secure the private sector are almost always insufficient, because it’s impossible to gauge the security stance of each and every company and recommend (or order) the implementation of specific security means,” he contends. 
“To do so would require a nationwide cyber-security federal auditing task force, and no one wants that.”

CFO

You Might Also Read:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

Cybersecurity Is Too Important To Leave To IT:

Cybersecurity Trends For Boards & Directors:

 

« AI For Effective Healthcare Cyber Resilience
Who Is Behind Petya? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

Fornetix

Fornetix

Fornetix is a cybersecurity platform enabling Zero Trust while delivering critical encryption automation, access controls, authorization services, machine identity, and ICAM solutions,

Cynterra

Cynterra

Cynterra is a next generation cloud cyber security and data analytical service provider offering cloud security compliance, data protection, visibility and threat protection services.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

CyberUSA

CyberUSA

CyberUSA is a collaboration of leaders and states focused on a common mission purpose of enabling innovation, education, workforce development, enhanced cyber readiness and resilience.

Sotero

Sotero

Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment.

Mode Solutions

Mode Solutions

Mode guarantee IT performance where you need it most, creating seamless and secure solutions that will alleviate pressure from your business.