Cybersecurity in the Boardroom

screen-shot-2015-05-28-at-3-27-26-pm.png

The question on the NYSE Governance Services and Vericode Survey of 200 Directors in different industries focuses on whether cybersecurity matters are discussed at meetings, and we need to examine not just whether cybersecurity is discussed but what is being said and decided about it.

According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  This finding is not surprising given the frequency of data breaches these days.  There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets. 
 
Of the directors surveyed, 80% say that cybersecurity is discussed at all or most meetings.  This finding appears to conflict somewhat with some of the surveys I discussed in my post, where it seemed that a greater percentage of boards were not focusing sufficiently on cybersecurity.

Security is complicated because it essentially requires each employee to act with a high level of awareness and vigilance, a state that is hard to sustain.  Over time, corners tend to get cut more, busy people tend to do more careless things and practices tend to become sloppy.  That’s human nature.  Complacency sets in.  Being on one’s toes isn’t an easy state to maintain.

The biggest risks to security are human errors — people putting data where it doesn’t belong, people not following policies, people losing portable electronic devices with data on them, people falling for phishing and social engineering schemes. These errors are best addressed through training.  Merely showing employees a PowerPoint, or putting them through a program that’s the equivalent to an airline safety video is a waste of time.  People must be engaged.  They must care.  And the message must be repeated over and over.  I recommend training throughout the year rather than just once.   Good security requires an awareness campaign.  And that is much more than just telling people stuff.  It’s about creating a culture within an organization.

The board of directors can do a lot more to help create the right kind of organizational culture.  Interestingly, the survey asked directors to indicate who should be held accountable in the event of a breach.  Most listed the CEO and CIO, with the CISO ranking fourth.
Teach Privacy: http://bit.ly/1K0ICCp

« Magnitude Exploit Kit Adobe Flash Player Vulnerability
Hackers Invade Hospital Networks »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

Quantivate

Quantivate

Quantivate is a provider of web-based Governance, Risk, and Compliance (GRC) software and service solutions.

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

K2 Integrity

K2 Integrity

K2 Integrity is a preeminent risk, compliance, investigations, and monitoring firm - built by industry leaders to safeguard our clients’ operations, reputations, and economic security.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

World Cyber Security Summit

World Cyber Security Summit

World Cyber Security Summit, by Trescon, is a thought-leadership driven platform for CISOs who are looking to explore new-age threats and the technologies/strategies that can help mitigate them.

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.