The gloves have come off. If you thought cyber security was a big concern before, wait ‘til you see what’s happening now!
According to its October 1 report, “What Every CEO Needs to Know About Cybersecurity”, AT&T smacks us right between the eyes with an uncomfortable statistic – attacks on corporate IT systems to find weak points and Achilles’ heels are up a whopping 48%, or 43 million events, in 2014 alone. This means daily attacks have now risen to more than 117 million!
CEOs, CFOs, CIOs and CTOs, take notice. This is not limited to the largest of companies. Medium-sized entities are also under attack. And don’t think you can run and hide, leaders of smaller firms – you’re likely next. Vulnerability is vulnerability – it knows no size limitation, and let’s face it, your digital information assets are potentially just as juicy and attractive as any others (and likely with lesser controls and protections around them).
This is an inaugural report from AT&T – they did it to “enforce an action plan to ensure there’s a consistent risk assessment process in place, better understand what data is leaving your company and why you might be a target for an attack, ensure clear understanding of which board committee is responsible for security, and determine if your security team has necessary resources to protect against a breach.”
With the downside risks including loss of reputation and brand equity in addition to the information itself – in my mind, HUGE risks to your future viability as a profitable, successful organization – it is mindboggling to me to also read that 75% of organizations do NOT involve their boards in oversight of cybersecurity as a material risk to the entity. This is a direct weakness in the data governance strategy and policy of the organization, and one that needs shoring up immediately (think weak point in the castle walls with invaders pummeling at it with a catapult – it doesn't take much effort nowadays with more advanced technologies and tools to break through).
AT&T asks CEOs to take notice and elevate the discussions to the board level. I say CFOs should be right there with them. Information is the lifeblood of the organization and CFOs rely on this information to help make informed decisions to run that business effectively. They are responsible for ensuring that information has proper controls and monitoring around it to protect its integrity internally, including from inside cyberthreats (we’ve all seen the headlines of employees stealing information assets). Expanding the view to include protecting from the external cyberthreats is not a huge leap and one I would argue at least lies partially in the domain of the CFO. Technology already plays into a CFO’s daily routine today. Is it much of an ask to flip the coin and leverage technology (and other means) to also protect the very information they use for decision making from outside attack?
AT&T suggests leadership ask itself five simple questions about its exposure to cyber risks:
- Is your board of directors fully engaged in cybersecurity?
- When did you and your board review your last risk assessment?
- What makes you a target for attacks?
- What data is leaving your company and is it secure?
- Have you provided your security organization all the tools and resources they need to help prevent a security breach?
Great starting point. When will you be asking yourself and your board these questions?