Mitigating cyber risks
How can leadership teams stay engaged with cyber risks, regardless of role?
The role of the CISO
Organizations across the world are subject to, and experience, cyber risks. In many cases, it is the responsibility of the Chief Information Security Officer to mitigate these risks, but talent at every level, including the executive committee, needs to be more aware of its actions and their consequences. How does a company protect itself without spending an entire budget on cyber security?
The CISO can be technical or can be business-facing. Monitoring threats is a major responsibility, but they need to be able to engage with other teams in the business, and have a team that can effectively communicate goals too. A CISO can explain what is needed, but it takes leaders across the organization to help execute.
The role of the organization
It is helpful to have each function think about the resiliency of its practice. What happens if a CFO loses data? Do they have systems backed up, or recovery systems in place? Will point-of-sale tech bounce back? Is there a good reporting system to know that data across the group is not manipulated?
There is a big market for cyber awareness training. On every level, decreasing risk starts with simple tasks, like not clicking on suspicious emails and links, making sure corporate laptops and phones are secure, or refraining from engaging with private files in public. Of course, this depends on the culture of the company. Some organizations are not as digitally enabled, and do not have access to the various modes of communication that open them up to certain risks.
Areas to watch
Cyber risks hit every department of a business. Take supply chain management – disruptions there can shut down services internationally. Cyber-resilient operations teams might not be the most obvious consideration, but this is a clear example of why they need to be. Look at the CMO and how companies are marketing themselves. Although software has improved, bots fuel pay-per-click fraud, making it difficult to gauge the effectiveness and reach of a message.
Organizations in financial services hold client and customer credit risk data. Having entire data sets on the same server, for example, can produce major compromises. In one example, executives had to limit the fallout after a breach to lower risk and began turning to a multi-channel approach to diversify data storage. Think of data as a portfolio with different information subsets, lessening the loss when one is breached. And it’s not just internal – third-party suppliers also expose organizations to cyber risk.
Selecting the right talent
The cyber world is always changing. While companies will hire talent that understands the challenges they face, teams will need to be adaptable and able to overcome new hurdles. We help our clients by diversifying the talent pool and identifying CISOs that will bring future-focused thinking and adaptable mindsets: leaders that recognize the importance of cyber training and budget to improve skills and tools.
Leadership teams, not just the CISO, need to constantly engage with cyber risk, and keep up with change and each other to help avoid a cyber breach.