- September 22, 2018
- Posted by: admin
Hacking and data breaches are an ongoing threat, so why are so many execs ignoring the issue?
The boards and executives of companies are meant to be good at balancing risk and opportunity, so why do so many have a massive blind spot when it comes to computer security?
High-profile hacking incidents and security breaches continue. Despite the arrival in May of the GDPR data protection rules, which aim to prod European organisations into improving security under the threat of large fines, many organisations still aren’t getting cyber security right, or don’t understand what they are supposed to act on.
That’s something the UK’s National Cyber Security Centre (NCSC) is looking to change.
“Cyber security is now a mainstream business risk. So corporate leaders need to understand what threats are out there, and what the most effective ways are of managing the risks,” Ciaran Martin, chief executive of the NCSC, said recently.
“But to have the plain English, business-focused discussions at board level, board members need to get a little bit technical. They need to understand cyber risk in the same way they understand financial risk, or health and safety risk.”
But many board-level executives seemingly still don’t understand cyber security risks, even though they are likely spending more on IT security than they did previously. And that’s even after the WannaCry ransomware attack and the NotPetya malware outbreak, both of which caused vast damage and clean-up costs to organisations around the world that were hit by the malware.
So why do the upper echelons of many organisations still not understand the risks they face or know what they should be doing to counter them?
One issue is that within many organisations, cyber security is still viewed as an issue for the IT department, rather than the business as a whole.
“It’s been very much seen as an IT problem because some of the requirements to prevent cyber attacks require technical mechanisms and procedures to be put in place, so boards think the tech team will take care of it,” says Sarah Pearce, partner in the privacy and cyber security practice at international law firm Paul Hastings.
It’s somewhat understandable that those who aren’t fully technically literate might think the people who fix the computers should be held responsible for cyber security. But more often than not, attackers aren’t going after the IT department; they’re targeting finance, HR and other parts of the organisation that hold valuable data, and the users there who might not be up to speed with cyber security issues.
“Now it does go to every single part of an organisation and I think there’s now more of a recognition of that,” Pearce says.
“But there’s been no or very little allocation of responsibility and it actually needs to be driven from a centralised, senior level so that all of the various divisions of the business are engaged and that hasn’t been coordinated — and in some businesses, that’s still not the case,” she adds.
Article Credit: ZDNet
The post Cyber security: Your boss doesn’t care and that’s not OK anymore appeared first on erpinnews.