Addressing cybercrime: Why board responsibilities must evolve

By Gaurav Kataria, CIO, Cyient.

  • 7 years ago Posted in
While the advent of new technologies such as automation, Artificial Intelligence and machine learning are helping propel businesses forward, they’re also opening up organisations to growing security risks. Huge advances are being made in genomics, and manufacturing technologies, with machines closing in on human abilities with astonishing speed. Yet, cybercrime represents the dark side of digitisation, and is the mastermind of increasingly sophisticated individuals. We’re now facing the most significant cybersecurity threat to date. Last month, the WannaCry ransomware attack affected thousands of businesses worldwide and new types of attack are emerging all the time. It’s therefore more important than ever before for board executives to take these threats seriously and batten down the hatches to protect their organisations, employees and customers.
 
Keeping cybercrime at the top of the agenda
The digital warfare is intensifying, and cyber criminals are becoming ever more sophisticated and creative in their approach to attack. In response, the role of the board has moved from being 90% focused on fiduciary responsibility to 75% focused on strategy and risk management. Of all the risks that the board oversees, cyber security has emerged as a central theme across all large and mid-sized corporations, with businesses expected to spend $101.6bn on cyber security software, services and hardware by 2020, according to IDC. The board should no longer focus solely on mitigation strategies but also ensure that processes are in place to cover liability.
 
On top of IP and data loss, the board must look at how it can prevent reputational damage to its brand. We’ve seen a number of examples in the press recently where businesses have been left red-faced due to security scandals – from Barclays’ CEO falling victim to an email prankster to Yahoo’s acquisition price being slashed after suffering several data breaches. Reputation is one of the most valuable and fragile assets of an organisation. According to the World Economic Forum, more than 25% of a company’s market value can be attributed to its reputation, which demonstrates the importance of getting this right. A good reputation built through years of dedicated effort can be destroyed almost overnight, especially in today’s world where an organisation’s customers, operations, supply chains and internal and external stakeholders are scatted globally and connected via technology.
 
The impact of new technologies
As the threat of cybercrime intensifies, it’s not a case of ‘if’ but ‘when’ hackers will strike each and every business. Exploit kits are increasingly being sold on the dark web and paid for with bitcoins, making it easier for anyone with an agenda to do so to buy low cost tools and remain relatively unnoticed.
 
This means that the window for responding is narrowing and organisations have to demonstrate that they have taken control of a breach very quickly if they are to protect their data and reputation. That said, board executives should take care over exactly how the breach is communicated to their customers, stakeholders and the media – TalkTalk’s CEO, Dido Harding, was heavily criticised for her handling of a major hack attack in 2015.
 
Taking action now
Today, just 7% of organisations claim to have a robust incident response programme in place and nearly half of UK businesses have no cyber security plan whatsoever. To address this, the emphasis for boards must now be on making sure that critical security infrastructure is in place, enhancing crisis response and strategies that emphasise a good balance of preventative and responsive tactics.
 
Technology is blurring the lines between industries and people are spending more time connected to the internet than any other medium of communication, providing increasing opportunities for attacker models. While understanding the future impact of technologies should be the responsibility of the business’ managers, it is the board executives’ responsibility to ask management for their perspective on how the organisation is handling the strategic risks related to digital disruption today.
 
Some organisations are creating new technology forums, building the expertise of corporate directors and strengthening IT governance. This is all with the aim of empowering boards to guide managers by asking the right questions about technology and its impact, and pushing cyber security issues to the top of the agenda.
 
Technology is advancing at an astonishing pace, with developments in robotics and cognitive technologies pushing the boundaries of what’s possible. While I am very optimistic about our connected future, C-level executives need to ensure they’re asking all the right questions to deal with the risks arising from the digital era and ensure they’re don’t fall victim to the next cyber-attack.
By Barry O'Donnelll, Chief Operating Officer at TSG.
By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.
By Gareth Beanland, Infinidat.
By Nick Heudecker, Senior Director at Cribl.
By Stuart Green, Cloud Security Architect at Check Point Software Technologies.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Damien Brophy, Vice President EMEA at ThoughtSpot.