As it stands, cyber security threats are perhaps the greatest risk facing businesses the world over.
Just this month, it was reported that Verizon has lowered its bid for Yahoo by $350 million in the wake of the company’s cyber breaches.
The Cisco 2017 Annual Cybersecurity Report showed that one-third of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 per cent.
Breaches hit the bottom line and that should absolutely make security a C-suite topic. So why are many businesses leaving themselves open to attack?
A shifting threat landscape
Despite the prominence of cyber security threats over the last two years, many businesses are still failing to master the basics of cybersecurity.
Fujitsu’s own Threat Predictions Report for 2017 has found that European businesses are leaving themselves vulnerable to attack by failing to carry out simple but vital tasks, such as keeping up with basic IT security processes and revoking the access rights of former system users.
This also appears to be an issue for the UK; according to Cisco, the UK has the lowest level of security maturity worldwide. As a result, companies are needlessly at risk of data loss, data theft and the external disruption of their systems. This is seriously concerning.
The threat landscape is continually shifting, and cybercriminals are constantly growing in their sophistication.
For example, it’s likely in the next few years that hackers will make increasing use of artificial intelligence in their attacks.
And with the introduction of the General Data Protection Regulation in May 2018, businesses will face several financial penalties for data losses, of up to four per cent of worldwide turnover.
Every business executive must take responsibility for their business’ cyber security threats – or risk becoming the latest high profile disaster.
Understanding the issue
Every C-suite officer, whether they’re IT-focused or otherwise, must ensure that they have a good grounding in cyber security threats, including the vulnerabilities of the business and the steps being taken to mitigate them.
Ignorance is not an excuse. The relationship between the leadership team and the IT department is crucial.
The IT team must be equipped with the resources needed to monitor and protect against cyber security threats, including the basics of maintaining basic security processes and access rights.
As and when serious threats do occur, it’s vital that security teams are equipped with the capabilities and resources to respond quickly – and have the route to escalate the threat to the leadership team as needed.
The C-suite must have a well-rehearsed strategy to respond to breaches that take place. In the short term, this includes contingency plans and business continuity plans, to enable the business to continue to operate despite the attack.
The response must include communicating in good time with key stakeholders inside and outside the company, to explain the extent of the attack and its impact.
Being able to act promptly against prepared plans and quickly and openly communicate can be vital in mitigating damage to the company’s reputation and share price.
It’s also important to remember that the fight against cyber security threats can’t rest within the C-suite and IT department alone. Every employee is at the front line of the business’ cyber defences.
The leadership team should aim to create a culture of cybersecurity, by re-skilling employees to make them security experts and ensuring that the entire workforce has a grounding in best practice.
By giving every employee a stake in cyber security threats, organisations can help to reduce the risk of the most easily avoidable attacks.
An evolving issue
The C-suite must also stay aware of how new technologies bring new cybersecurity challenges and threats. Many businesses are currently realising the potential of the Internet of Things to enhance business processes or provide new services, and the truly smart city is on the horizon.
However, as the recent Fujitsu Threat Predictions Report shows, many protocols designed for connected devices have their own vulnerabilities. Businesses must consider how they will keep themselves and their customers safe from hackers as these technologies take off.
Addressing cyber security threats from the outset, such as during the product design phase, will help to protect devices throughout their lifecycle.
But the newest technologies are also providing us with powerful tools to combat cyber criminals. Artificial intelligence will become a game-changer in enterprise security, acting as an early warning system for unusual web activity, for example.
Executive officers should monitor these upcoming tools and be ready to apply them within the business as soon as possible, to stay ahead with their cyber defences.
Going forward with confidence
Technology is an essential tool in modern business, and one that brings great advantages.
However, the digital world has also brought immense risks in the shape of cyber security threats, and this is something that business leaders cannot afford to ignore.
It’s clear that in the worst cases cyber breaches can damage a business irreparably, which must put cyber security threats at the top of the agenda.
By leading the organisation’s fight for cyber security, business executives can seriously mitigate the risk and impact of attacks and face the future with confidence.
Duncan Tait is corporate executive officer, SEVP and head of Americas and EMEIA at Fujitsu
Share this story