There will be two types of CEOs and directors in the future:
- Those who are aware of the latest cyber security threats, and
- Those who no longer have a business to run.
Keeping a company afloat is, conceivably, the number one concern of a Chief Executive Officer. Business continuity and recovery plans need to be regularly aligned with the current threat landscape. This includes cyber security awareness beyond technical implementation: decision-makers need to get on board with what needs to be changed.
When an attack happens, the data of customers, partners and employees is compromised to the point where quick action needs to be drawn from accessible organisational policy. An attacker may reduce or stop business availability altogether, irreparably affecting a brand’s reputation.
Having an in-house expert or team on board that focuses on cyber threat awareness might be a CEO’s best next decision. Criminals are more sophisticated today than ever, shifting focus to data sources rather than networks. At the very minimum, these teams will need to:
- Actively research new threats.
- Continually produce risk and threat assessments.
- Keep updated recovery plans accessible to everyone.
- Facilitate communication between concerned stakeholders and partners.
Security awareness must be integrated into every department and be the basis of every decision made, extending beyond the IT part of the business. There’s no doubt about it: companies that see cyber safety holistically and as an organisation-wide issue are those that will survive into the next decade.
If you’re a CEO or have influence in your company, what steps should you take today? The United States Computer Emergency Readiness Team have a useful questionnaire with recommendations.
Nelson Clemente (BEng, ISO27032)
getNEXT – Systems Engineer, Cyber Security Awareness