In reading about critical infrastructure protection and cyber security issues every day, I’m beginning to see a theme in our industry that is of special interest to me – cyber threats.
When I attended the RSA Conference at the end of February, the first day of the conference included an announcement from Carnegie Mellon and RSA about the results of a survey conducted by Carnegie Mellon’s CyLab regarding governance of enterprise security. Using the Forbes Global 2000 list, the CyLab survey revealed that most corporate executives and external boards of directors are still not involved in governing their company’s cybersecurity strategy. A good summary of the results and some thoughts from Kelly Jackson Higgins of Dark Reading can be foundhere.
Sadly, the CyLab survey is on the mark and we need more leadership from corporate boardrooms and executive suites to help our fellow chief information security officers be successful in this very dynamic world of cyber threats.
That theme is underscored by this recent item in Insurance Dailyunder the headline: “Directors must wake up to cyber threats.”
Not only should corporate boards grasp how exposed their companies are to the digital threat environment, but they should gain some understanding of the cyber threats they face and to make sure adequate procedures are in place to mitigate the consequences of a serious data breach.
So, what does this mean? Leadership from the top is vital in setting cybersecurity policies and defenses. It is important for all employees and corporate contractors to be diligent about protecting the corporate assets – including data and information. At Verizon we have found that this sensitivity cannot be easily “pushed up” from the CISO but really needs to have the tone set by the CEO and board.
I don’t think anyone would ever say that cybersecurity would be easy. However in today’s environment of attacks and threats from cybercriminals, nation-states and the disgruntled employee should be top of mind with corporate boards and the executive suite to make sure every employee remains at the front line of defense.
Verizon recently released the 2012 Verizon Data Breach Investigations Report (DBIR), the company's landmark report series that examines the state of cybercrime and data breaches around the world. Be sure to get copies to your board members, your CEO and executive team so they can gain a perspective of the global security trends and how to better protect your enterprise.
