BreachExchange mailing list archives
What CEOs Should Do to Tackle Cyberattacks
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Feb 2015 14:35:50 -0700
http://blogs.wsj.com/experts/2015/02/27/what-ceos-should-do-to-tackle-cyberattacks/

CEOs face many challenges—financial performance, market growth, customer satisfaction, and talent retention—to name just a few. One challenge, however, is newer and evolving more rapidly than most others: the cyberattack.

Cybersecurity will be a major issue for CEOs in 2015 and for many years to come. Cyberespionage is rampant and intellectual property that took years to develop can be stolen in a matter of minutes. Revenge against companies for perceived wrongdoing or a company’s mere presence in a particular country can become a motivation for a cyberattack. Companies that hold payment information experience thefts of data. The list is long and growing.

As companies understandably expand their Internet presence, risk increases. As nations’ cyberattack capabilities increase and their willingness to attack grows, risk increases. As the destructive capabilities of attack software morph and further threaten the accuracy and existence of key customer and company data, risk increases. As these and other cyber risks increase, CEOs must raise their cyber game as well.

CEOs will need to: understand what systems and data are critical to their organization and their customers and how their company is protecting them; assure interconnectivity with vendors and service providers is being properly managed; plan for growing possibilities of combined cyber and physical attack scenarios; evaluate the amount and quality of investment in cyberdefenses including both human capital and technology; assess relevant personnel to make sure they have current and pertinent experience and skills; encourage selection of board members with experience regarding these issues and appropriately encourage board consideration of cyber issues. CEOs should also continue to work with regulators as regulatory requirements and standards evolve.

CEOs will also need to go beyond their own walls to better protect their company. They should assure their company engages with one or more third-party groups that focus on sharing cyber information and best practices. They should also encourage “security by design” from vendors for products and services acquired. CEOs should also establish relationships with key government agencies (such as the FBI and the U.S. Secret Service) which can help companies better understand cyber risk and recovery steps in the event of an attack.

Finally, CEOs should advocate for congressional action regarding cyber issues, including the passage of legislation relating to cyber information sharing, breach notification, cybersecurity standards, cyber R&D funding, cyberdefense talent education, and stronger cybercrime investigative capabilities and penalties. Good progress is being made on these issues, but much work remains. CEO leadership will make a real difference.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/