Given the frequency of cyber attacks these days, there’s a very good chance your organization has already been targeted by a cyber attack, such as phishing, at least once by now. The good news? You were able to defend yourself against it this time. But what about the next cyber attack? And the one after that? And the one after that? And the one after that? Cyber criminals will never stop and their cyber attacks won’t either. What’s worse, attacks are only going to get more relentless and difficult to defend against as time goes on because hackers are finding easier ways to infiltrate organizations through simple, yet effective techniques such as phishing and ransomware. Time is on their side and all they have to do is sit and wait for the right moment to strike.
So, what do you do about it? While there’s no simple and straightforward answer, the best place to start is at the top. With so many IT teams having inadequate budgets and resources to battle today’s growing threat landscape, it’s time for executives to pay more attention to these teams. However, the problem is many top-level executives lack the insight into what their IT departments do and the challenges they regularly face. A recent CNBC study in Forbes revealed that 90% of 200 directors surveyed can’t read a cybersecurity report and are not prepared to handle a major cyber attack. The results also showed that 40% of executives stated they wouldn’t feel responsible if their organization were to suffer a hack and would hold CISOs and IT departments solely responsible instead. Sadly, it would appear leaders are still struggling to define who is in charge of the security of their organization’s data. So instead of working together with IT to ensure a strong security posture throughout, it would seem that a large percentage of executives would prefer to transfer the heavy burden directly to CISOs and IT departments.
The survey numbers only get more alarming when the Board of Directors is included. The CNBC survey states, “When board members were asked about the amount of knowledge they had on cybersecurity, less than 20% had a high level, 65% had some, and 15% had little knowledge.” Also, more than 50% were dissatisfied with the quality of information pertaining to cybersecurity and IT risk provided to the board by management.
Clearly, executives and board members need to get better educated on the high-risk challenges their IT security teams face. It’s time to consider cybersecurity not just as an IT issue anymore, but rather an organizational issue. Executives need to take a step back and understand that effective cybersecurity requires a cross-departmental approach with effective oversight and execution by everyone. Top-level executives need to educate themselves quickly and realize the need to make the organization’s security posture a priority; board members need to start asking for more IT insight so they can be more involved with cybersecurity decisions; and all other departments need to make sure they’re following IT security best practices to ensure that organizational security and compliance are seamlessly achieved. The number of data breaches in 2016 is reason enough for executives to ask IT, “What more can we do to protect our organization from being the next victim of a cyber attack?”