Security specialists share their top tips on how information security officers can win over the boardroom
This week, Joseph Valente was named the winner of The Apprentice 2015 and Alan Sugar’s new business partner. Valente triumphed over 17 rivals during the process and will pocket ￡250,000 to launch their own business. They beat the boardroom.
As seen on the show, a visit to the boardroom can be stressful to say the least. However, it doesn’t have to be that way. A CISO can shine by bringing new and innovative ideas in with them. Below is a collection of ideas that a CISO could suggest in 2016.
Mark Edge, UK country manager, Brainloop
“The CISO should take to the boardroom the concept of efficient and secure board communications. It’s been reported that UK boards spend more than £40,000 a year developing and distributing printed board books, so there is a tangible monetary benefit to be gained by digitalising this process.
“CISOs should not only emphasise the security benefits of a safe means to share board packs, they should explain how the solution could make a real difference to board members’ daily lives. The CEO will never lose her annotations again, the Chairman will be able to review board packs on any of his devices, from anywhere, online or offline, while the Company Secretary can easily create and update board packs straight from their existing Microsoft Office tools.
“Organisations will be able to demonstrate compliance and effective governance with comprehensive audit and reporting functions. The board will rest assured that all materials are encrypted both at rest and in transit and have the peace of mind that only authorised business users can access their most business-critical information.”
“For a CISO to make an impact in the boardroom, they should sell themselves as ‘The Cloud Enabler’ – both proactively supporting the usage of Cloud-based applications and guiding the way to a smooth, secure migration.
“Business leaders are now well aware of the operational benefits of migrating to Cloud-based applications and are eager to embrace new ways of working in a mobile, flexible and user-centric environment. While applications such as Office 365 provide a number of benefits, security concerns continue to act as barrier to their adoption. The keystone of this process will be to replace old firewalls with true next generation devices that can deliver both comprehensive, in-depth security and enhanced application performance in the Cloud environment.”
Salo Fajer, CTO at Digital Guardian
“When called into the boardroom, CISOs should advise the board to create an atmosphere that encourages employees to speak openly and report any suspicious behaviour. Outlining transparent access control policies will avoid any misunderstandings and show that CISOs are essential to keeping a business secure.
“Earlier this year the Ponemon Institute found the average cost of a data breach to be $3.79m. By adopting a proactive approach when it comes to preventing data breaches, a CISO could be saving their organisation millions from a catastrophic attack, or worse – an employee accidentally or maliciously sharing company data. CISOs must ensure that access to sensitive files is only given when necessary, operating on a ‘least privilege’ basis with temporary increases to access if it is required. The more sensitive the information the more levels of security there should be, with the most important data protected by passwords, multi-factor authentication and encryption.”
Michael Hack, SVP of EMEA Operations, Ipswitch
“With 2016 set to be a year of change with the introduction of the General Data Protection Regulation (GDPR) – a new, unified, EU data privacy law – a CISO would be well placed to introduce a risk management exercise that identifies the key processes and assets, and evaluates their vulnerabilities and potential threats. The results will then highlight the priorities for the next stage of the process towards compliance with the GDPR.
“The exercise should cover all areas of the business and should also consider technologies and strategies to mitigate the risks identified. For instance, one key technology for mitigating risk and ensuring compliance is managed file transfer (MFT), which is secure and will manage the entire process of data transfer protection both within and outside the business.”
Richard Beck, head of cyber security at QA
“Every CISO is potentially one data breach away from being fired. Putting in place clearly defined plans and rules should help protect the organisation from cyber attacks. A key element of this plan should be to ensure that all staff, at whatever level, receive cyber security training – above the basic hygiene level. Why? In almost all reported security incidents, the actions – either intentional or accidental – were by staff in the compromised organisations, which led to the security breach in the first place.”
Perry Correll, principal technologist at Xirrus Networks
“It is hard to believe that there are so few public Wi-Fi networks capable of serving our needs outside of the home securely—particularly when you consider that as of today, nearly everyone owns a smart phone, 91% use a laptop, and 80 percent have a tablet.
“Public Wi-Fi offers the convenience of accessibility, but typically doesn’t encrypt data, leaving passwords exposed and sensitive data vulnerable to the possibility of capture by those with malicious intentions.
“It’s bad enough worrying that while sipping a latte, cyber criminals might be trying to steal your credit card data and bank account numbers, but even more daunting to know that corporate espionage is on the rise. Public Wi-Fi networks offer hackers little challenge when it comes to intercepting private or classified information accessed by executives who stay in hotels on business.
“Now more than ever, large and small enterprises must upgrade their networks to provide better security for their customers.”
How much do you know about 2015’s worst data breaches? Try our quiz!