Tuesday 14 July 2015

Why Cybersecurity Leadership Must Start At The Top

If the past year has shown us anything, it’s that companies should no longer ask if they are going to be hacked, but when. With every company becoming digital, the pace of change is only accelerating and our ability to make the right decisions on cybersecurity needs to move even faster. Some estimate that between $9 and $21 trillion of global economic value creation could be at risk if companies and governments are unable to successfully combat cyber threats.

As cities, countries and companies navigate the fast pace of change in this new era of the internet, security will become more essential to the business and, in many cases, will help drive growth. Businesses will be driven by security embedded in the network, architecture, data at the edge and convergence of applications. Transformations such as the one we are experiencing now will also require smart leadership from the board and the C-suite.

We predict connected devices will grow to 50 billion by the year 2020. The average connected device has over 20 identified security vulnerabilities. Cyber-attacks are becoming more and more complex, increasing the risk they pose for companies everywhere. The pace of change, as businesses continue to transform, will require boards and the C-suite to make fast and effective security decisions that protect the company’s business, both from a market perspective and a reputation perspective. Security is no longer just about protecting a business’s information. It is critical to maintaining trust with the public and customers, building company reputation, as well as safeguarding data, IP and critical infrastructure. This can all influence higher-level issues like maintaining competitiveness in the market, stock price, and shareholder value.

With no common set of standards in place, Internet security is lagging behind the sophistication of hackers. The global economy is not adequately protected. Of companies that were attacked in 2014, 81 percent were not able to identify the breach themselves, and on average it took them 188 days to realize their security had been compromised. For companies to take action now, security needs to become an issue from the top down. Both the board and CEO must ensure that they are making the right decisions about security in the following ways.

Understand cybersecurity as a risk

In a recent ISACA report, 55 percent of corporate directors said that they must personally understand and manage security as a risk area. The board’s involvement with cyber risk may be growing, but many members still do not understand key areas. The board should start by asking questions about the company’s approach to security and readiness to face an attack, and the CEO should be prepared to answer them. Critical areas include whether or not the company understands the cybersecurity landscape and how it can affect its key business sectors. They should also ask about how cybersecurity fits into the overall corporate planning process and whether executives take ownership of this. Additionally, the board should know the company’s process for disclosing security breaches and whether there is a set plan in place.

Combine business and technology architectures

The CEO must make it clear that security is not just an IT problem – it is a priority for the business that is top of mind. Business and technology leadership must work together to discuss potential risks and find solutions that protect intellectual property and financials alike. A security strategy should focus on the critical services that enable the company. CEOs need to be able to answer tough questions and prove, through testing and explanation, that they are leading a security strategy that works.

View the original content and more from this author here: http://ift.tt/1HqVLAI


