When it Comes to Fighting Cyber-Attacks on Corporations, Strategy Is Key

Even high-level companies aren’t immune to cyber threats. That’s why software experts are advising corporations to develop a strong security protocol. 

Chris Bailey

VP of Strategy, Entrust Certificate Services at Entrust Datacard

How can high-level executives keep up-to-date on the current level of cyber risks and impact on the business?

Digital security vendors should serve as one of your trusted advisors and help keep you informed of the existing and emerging threats as well as advise you on what actions you should take to mitigate those risks.

What are some tactics and strategies to deal with established threats?

Prevention is the best method for avoiding established threats. Educate your employees, your customers and stay up to date on how to identify an authentic website to avoid phishing scams. Adding an Extended Validation (EV) certificate can help provide a clear indicator to your customers that your website is secure.

Could you explain one plan a business should have if an incident does occur?

Every organization should have a contingency plan in place in the event of an incident. That plan should include operational redundancies, contact information for critical personnel and vendors and a post-incident communication plan to preserve brand reputation.

What cyber threat concerns you most?

The one we don’t yet know about.

Stan Black

Chief Security and Information Officer, Citrix

How can high-level executives keep up-to-date on the current level of cyber risks and impact on the business?

High-level executives need to have real conversations with each business function to educate them about risks and their role in reducing them for the business. We’ll never be able to eliminate risks, but reducing them starts with education and awareness. The ability to identify and prioritize potential threats is key to protection.

What are some tactics and strategies to deal with established threats?

All business functions have to use the same terminology and tools to establish threats so everyone is on the same page about what the threat is, ways to address it and ensure it doesn’t surface again. Education and awareness need to be driven from the top down and integrated into all business functions. 

Could you explain one plan a business should have if an incident does occur?

There are four fundamental steps to take if an incident occurs: identify, control, contain and mitigate. Once those fundamentals are in place company-wide, you can scale up or down as needed depending on the incident and outline a path towards remediation.

What cyber threat concerns you most?

Complexity is what worries me most today. We’re seeing more and more add-on tech that promises to solve things like data loss or malware. Businesses should be looking for solutions that solve challenges big and small so they can remove outdated layers and replace them with services that solve multiple business challenges and simplify the infrastructure so it’s easier to find threats faster.

Ed Cabrera

Chief Cybersecurity Officer, Trend Micro

How can high-level executives keep up-to-date on the current level of cyber risks and impact on the business?

Read. Read. Read. Did you know the average CEO reads five books a month? Warren Buffett says he reads five or six hours a day, and that includes reading USA Today and five other newspapers. However, when it comes to understanding the likelihood and impact of the cyber risks they face, they have to diversify their reading lists and become dynamic learners. They need to listen, learn and challenge their information security teams to not only inform but do so in the language they understand, and that’s business. They also need to engage and partner externally with information sharing organizations, law enforcement, and security industry professionals to help them understand the real cyber risks that they face in their sector, region and even globally.

What are some tactics and strategies to deal with established threats?

Organizations need to start with a framework. It’s incredibly important today in this dynamic threat environment that organizations build an elastic cybersecurity strategy that can grow and expand continuously to mitigate that risk. The NIST Cybersecurity Framework does exactly that. Organizations are able to use it to continuously assess their cybersecurity maturity and improve it to meet threats they are facing.

Could you explain one plan a business should have if an incident does occur?

Benjamin Franklin said it best. “Failing to plan is planning to fail.” For the better part of the last fifteen years many have, and for good reason, posited that all enterprise organizations need an incident response plan. And this is still true and fundamental to any cybersecurity program; however, these plans are often check-the-box, stagnant compliance functions rather than living, breathing plans that expand and contract in response to the dynamic threat landscape. Incident response plans need to be more comprehensive and akin to crisis management plans, where more functional integration is required across business units and corporate divisions and offices. Lastly, they need to be tested quarterly through tabletop exercises and training events leveraging the power of cyber ranges.

What cyber threat concerns you most?

An unprotected hyper-connected world. By 2021, it is predicted we’ll have over 26 billion devices connected to the internet. Many of these devices will be industrial IoT devices in manufacturing, transportation, and healthcare. This explosive growth, coupled with the rising risk of digital extortion, will have an immediate impact on critical infrastructure organizations. Cybercriminals today profit handsomely by attacking enterprises and will soon realize the lucrative opportunity in attacking smart homes, factories and cities, having a potentially catastrophic impact.