New security challenges…and how to fight them
When the global movers and shakers gathered at the World Economic Forum earlier this year, they got a short, sharp shock — in the form of its Global Cybersecurity Outlook.
During the press conference, WEF Managing Director Jeremy Jurgens related that ‘93 percent of cyber leaders and 86% of cyber business leaders believe that a catastrophic cyber event is likely in the next two years.’
Jurgens was in part referring to malefactors like Russia and China making cyberwar on their enemies, whether real or perceived. But the threat is growing as well for businesses, big, small, and medium.
For example, recent ransomware attacks (criminals stealing data and then attempting to ‘ransom’ it) temporarily shut down Canada’s largest bookstore chain and the UK’s Royal Mail.
These organisations have impressive security budgets and all the latest security tools and tech. If they can be victimized, how can a mid-market business keep itself safe?
The answer is more straightforward than you may think: it’s expert leadership at the Board table.
As a CEO, you can’t be responsible for all the technical details. But you can, and must, be able to ask the right questions of the people responsible for security—and stay on top of them.
Most attacks use simple methods. They succeed because companies have forgotten to get the basics right. So we urge you to ask your IT team or suppliers six simple questions:
- Who is accountable for our security and risk strategy?
- When was the last time we reviewed and tested our security?
- Are security systems up to date? How do we know they’re up to date?
- Do we have assessments or accreditations?
- Do staff—and that includes the CEO—get regularly trained in cybersecurity and social engineering? Have we ever tested that training?
- If we do end up in trouble, who’s in charge, and what’s the plan?
If your IT team can’t provide satisfying answers to all these questions, and quickly, then it may be time to consider IT leadership in the form of a fractional CIO, CTO, or CISO.
For a more detailed guide to nailing down the basics, see 13 key steps to cyber security, our comprehensive list of questions for non-technical board leaders.
To read more content related to this topic, see our Cyber Security Knowledge Centre.
If you have any questions about cyber security or IT, feel free to contact us. Unlike cyber criminals, we’re always up for a no-strings, no-pressure conversation.