
Having a clear governance and leadership model, translating that into a real risk management program and understanding what happened after a cyberattack are the three key strategies for eliminating or reducing your cybersecurity risk. “If you have no feedback loops, if you don’t understand what happened operationally, if you are not seeing attacks and the way you are handling them, are you really understanding what is happening in those systems in real time?” Coleman said in the Journal blog.
“The volume of security incidents increases every year, they’re
getting more complex, and data breaches are more frequent and costly than ever.
That’s why businesses are turning to cyber resilience – accept that security
breaches are inevitable and develop the ability to efficiently handle them and
move on, just like any other business challenge,” John Bruce, CEO of Resilient
Systems, which sponsored the latest Ponemon Institute report on cyber
threats, told SCMagazine.com recently.
Data breaches that get reported are just the tip of the iceberg,
the Ponemon Institute says. Ponemon notes that as
part of everyday business, there are exponentially more security incidents than
data breaches. Under federal law, all security incidents need to be assessed to
determine if they are data breaches that require reporting. The study’s
findings indicate that organizations are not thoroughly assessing their
security incidents. In fact, one-third of the respondents do not have an
incident response process in place.
Coleman advises that cybersecurity teams use common language to
keep the board and the C-suite up to date. “Generally, organizations that
embrace it understand the conversation, they don’t just keep it in the
technical area,” he said. “That is one thing that is still emerging, those
reporting mechanisms and how to get the board to see the overall risk
management in a way that translates the technical risk into showing how it
relates to the business.
In a recent conversation Coleman had, a board director
relayed to an IT person that his company had been talking about a
digital transformation of the board for two years, but the conversation never
involved the security team. It’s critical that companies close the loop on
keeping everything informed and involved.
Courtesy: Chief Executive Magazine
Other CEBI Blog Articles...
Kevin Minton
CEO
Chief Executive Boards International
KevinMinton@ChiefExecutiveBoards.com
Other CEBI Blog Articles...
Kevin Minton
CEO
Chief Executive Boards International
KevinMinton@ChiefExecutiveBoards.com
No comments:
Post a Comment
Comments to CEBI Blog articles are moderated to ensure member privacy and control spam. All comments except those deemed inappropriate should post within 24 hours.