If column inches on an issue equated to how seriously organisations took it, then cyber security would undoubtedly be the number one concern for CEOs and the rest of the board in companies all over the world. However, I am not entirely sure if this is the case.
Most organisations talk about cyber security and how robust their defences are against cyber attack, but how many organisations could honestly say they are as well-protected as they say they are? The volume and severity of cyber attacks increase year-on-year, yet according to research from security firm Barkly, 52% of organisations that suffered successful cyberattacks in 2016 haven’t made any changes to their security in 2017.
Is this a case of hoping that lightening does not strike twice when it comes to a security breach? Or are CEOs and fellow board members simply laissez-faire when it comes to cyber security? Either way is fraught with potential danger – how can cyber security move higher up the corporate agenda so that firms are as well protected as possible?
An overload of data
The rise in the security threat has come about because of a rise in the sheer volume of data in modern business. More data has been created in the past three years than in the entire previous history of the human race. It is the basis of every business decision and handling and analysing data in the correct way can give businesses true competitive edge. But how this data is stored and managed is a potential problem.
Choosing where to store data is a major decision. The cost and time involved in building data centres means that this is simply not possible for most firms, leading to the rapid adoption of cloud-based storage solutions. Sometimes this adoption is even driven by board members, who have used such services in their personal lives.
However, while these are convenient for users, they remain a major security headache for IT teams, who look to the top of their company for more purposeful guidance.
Starting at the top
The ultimate responsibility for any organisation’s security policy falls on the board, and in most cases the CIO, yet this is not the only area that they cover and usually the task of justifying where they are adding value gets in the way of focussing on this task completely. It’s not that boards do not recognise the value of data security, it’s that sometimes this less glamorous and complex task can be left behind.
Cyber risks are often relegated to the status of an ‘IT issue’, yet only 10% of CIO’s consider cyber security a top business priority. By increasing the board’s awareness of the risks that a breach in cyber security poses, or having a risk officer or committee reporting to the board, an organisation is much more likely to adopt more rigorous structures put in place and for these to be widely adopted throughout an organisation, securing its long-term security.
An easy way to achieve this is by implementing online board portal technology to improve security at board level. In doing so, it raises awareness of the risks a board is currently exposed to and demonstrates the role of technology in improving security, and the value that could bring to other areas of the company.
By implementing this technology, board members have greater access to all of the information they need in a highly secure manner. The best board portals on the market will host data in secure data centres, ideally with the ISO27001 security certificate. The value of this certificate, not only to the data centres, but to the organisation overall will highlight just how seriously they take data security.
The storing of data in this way will provide a framework for the way the organisation manages its data, which should limit the temptation to use free, unsecure methods of data hosting. By introducing technology at board level, the focus on security is increased, setting the example for the rest of your company.
Cyber security is a board level issue, with grave consequences for those that aren’t fully protected. Setting the example for this, must come right from the top.
[su_box title=”About Alister Esam” style=”noise” box_color=”#336588″][short_info id=’104117′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.