Cyber security: more engagement vital

19 Feb 16

C-suite execs aren’t engaged enough when it comes to cyber security, according to a new study from IBM Security, which says many leaders across the C-suite are confused about who the true cybersecurity adversary really is, and how to combat them.

According to IBM Security, on paper cybersecurity is viewed as a top concern of 68% of CxOs, and 75% believe a comprehensive security plan is important.

However, the ‘Securing the C-Suite, Cybersecurity perspectives from the boardroom and C-suite’ study found key execs need to be more engaged with CISOs beyond planning for security, and need to play a more active role.

A major finding of the study was that 70% of CxOs think rogue individuals make up the largest threat to their organisations. The reality is that 80% of cyberattacks are driven by highly organised crime rings in which data, tools and expertise are widely shared, according to a United Nations report.

The study found that a broad set of adversaries concerned the C-suite, including 54% who acknowledged crime rings were a concern, but they gave nearly equal weight of concern to competitors at 50%.

According to the study, over 50% of CEOs agree collaboration is necessary to combat cybercrime. Ironically, only one-third of CEOs expressed willingness to share their organisation's cybersecurity incident information externally.

IBM Security says this exposes a resistance to widespread and coordinated industry collaboration, while hacking groups continue to perfect their ability to share information in near real-time on the Dark Web.

CEOs also emphasise that external parties need to do more: stronger government oversight, increased industry collaboration and cross-border information sharing – a dichotomy that needs to be resolved, IBM Security says.

"The world of cybercrime is evolving rapidly but many C-Suite executives have not updated their understanding of the threats," says Caleb Barlow, vice president, IBM Security.

“While CISOs and the board can help provide the appropriate guidance and tools, CxOs in marketing, human resources and finance, some of the most sensitive and data-heavy departments, should be more proactively involved in security decisions with the CISO,” Barlow explains.

“In fact, marketing, HR and finance departments represent prime targets for cybercriminals as they manage some of the most sensitive customer and employee data, manage corporate financials and have access to banking details,” he says.

In the study, roughly 60% of CFOs, CHROs, and CMOs readily acknowledge they, and by extension their divisions, are not actively engaged in cybersecurity strategy and execution.

For example, only 57% of CHROs report they have rolled out employee training that addresses cybersecurity, a first step in getting employees engaged on cybersecurity.

What Organisations Can Do

Of the CxOs surveyed, 94% believe there is some probability that their company will experience a significant cybersecurity incident in the next two years.

According to IBM's analysis, 17% of the respondents feel prepared and capable to respond to these threats.

IBM identified standout respondents to the survey, classifying 17% as ‘Cyber-Secure’ respondents, the most prepared and capable CxOs.

It says ‘Cyber-Secure’ leaders are two times more likely to have incorporated C-suite collaboration into the cybersecurity programme and two times more likely to have elevated cybersecurity to a regular agenda item at the board level.

Cyber-Secure tips for organisations:

· Understand the Risk: Evaluate your ecosystem for risks, conduct security risk assessments, develop education and training for employees and incorporate security into the enterprise risk plan.

· Collaborate, Educate & Empower: Establish a security governance programme, empower the CISO, elevate and regularly discuss cybersecurity at C-suite meetings, include the C-suite in developing an incident response plan.

· Manage Risk with Vigilance & Speed: Implement continuous security monitoring, leverage incident forensics, share and utilise threat intelligence to secure the environment, understand where the organisation's digital assets reside and develop mitigation plans accordingly, develop and enforce cybersecurity policies.
