BreachExchange mailing list archives

What CEOs Should Do to Tackle Cyberattacks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Feb 2015 14:35:50 -0700

http://blogs.wsj.com/experts/2015/02/27/what-ceos-should-do-to-tackle-cyberattacks/

CEOs face many challenges—financial performance, market growth, customer
satisfaction, and talent retention—to name just a few.

One challenge, however, is newer and evolving more rapidly than most
others: the cyberattack.

Cybersecurity will be a major issue for CEOs in 2015 and for many years to
come. Cyberespionage is rampant and intellectual property that took years
to develop can be stolen in a matter of minutes. Revenge against companies
for perceived wrongdoing or a company’s mere presence in a particular
country can become a motivation for a cyberattack. Companies that hold
payment information experience thefts of data. The list is long and growing.

As companies understandably expand their Internet presence, risk increases.
As nations’ cyberattack capabilities increase and their willingness to
attack grows, risk increases. As the destructive capabilities of attack
software morph and further threaten the accuracy and existence of key
customer and company data, risk increases.

As these and other cyber risks increase, CEOs must raise their cyber game
as well.

CEOs will need to: understand what systems and data are critical to their
organization and their customers and how their company is protecting them;
assure interconnectivity with vendors and service providers is being
properly managed; plan for growing possibilities of combined cyber and
physical attack scenarios; evaluate the amount and quality of investment in
cyberdefenses including both human capital and technology; assess relevant
personnel to make sure they have current and pertinent experience and
skills; encourage selection of board members with experience regarding
these issues and appropriately encourage board consideration of cyber
issues. CEOs should also continue to work with regulators as regulatory
requirements and standards evolve.

CEOs will also need to go beyond their own walls to better protect their
company. They should assure their company engages with one or more
third-party groups that focus on sharing cyber information and best
practices. They should also encourage “security by design” from vendors for
products and services acquired. CEOs should also establish relationships
with key government agencies (such as the FBI and the U.S. Secret Service)
which can help companies better understand cyber risk and recovery steps in
the event of an attack.

Finally, CEOs should advocate for congressional action regarding cyber
issues, including the passage of legislation relating to cyber information
sharing, breach notification, cybersecurity standards, cyber R&D funding,
cyberdefense talent education, and stronger cybercrime investigative
capabilities and penalties.

Good progress is being made on these issues, but much work remains. CEO
leadership will make a real difference.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
