Are Corporate Cyber Defenses Adequate?

It’s not just about the technology, stupid. That’s the collective message of the four expert commentators in this CFO Square-Off opinion forum, which examines how CFOs and their corporations should be addressing cyber-security in the face of rapid advances on the hacking front.

Instead, finance chiefs should be focusing on their companies’ systemic risks rather than just software.

However, many companies are failing to address cyber-security adequately because they tend to undervalue it financially, merely valuing it as they would a physical asset.

Instead, argues Gigamon’s Kevin Magee, they should take note of the financial losses that could occur when cyber-security is weak.
“Today, it’s likely that some of a company’s most valuable and vulnerable assets don’t even appear on the balance sheet. How much is your email database really worth? Probably not much in conventional accounting terms. But consider what its value might represent if it were completely locked down and made inaccessible by ransomware or hacked and placed on Pastebin for anyone in the world to download and peruse?” Magee reasons.

Such corporate myopia results in a failure to see the big picture, according to Bob Shaker of Symantec.
Many companies “are just realising that their defense posture is targeted at preventing malware and insider attacks, not cyber-attacks,” he writes. “The technology they’ve deployed is patchwork consisting of solutions from multiple vendors that doesn’t work together.”

Another source of defensive weaknesses is complacency, driven by the notion that hackers are targeting bigger fish than one’s own company. Adding to that distraction is the constant sense stemming from the 2016 presidential election that cyber-security is a government matter. But yesterday’s attacks on the government are becoming today’s attacks on your company, observes Agari’s Markus Jakobsson.
“In the current political environment, it seems we’ll be focused on Russia for some time to come,” Jakobsson writes. “It would be beneficial if the scrutiny is not limited to their involvement in 2016, but also how to prevent these attacks in the future, for both the private as well as the public sector. Ultimately, the private sector can’t rely on the government to solve this problem.”

SecBI’s Gilad Peleg agrees. “Government initiatives to secure the private sector are almost always insufficient, because it’s impossible to gauge the security stance of each and every company and recommend (or order) the implementation of specific security means,” he contends. 
“To do so would require a nationwide cyber-security federal auditing task force, and no one wants that.”

CFO

