C-Level strategy to combat cyber security

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

2013 saw the cyber security space come under extreme scrutiny, not only at a business level, but high on the government’s agenda. A recent survey commissioned by the Department for Business, Innovation and Skills (BIS) found that 93 per cent of large businesses suffered security breaches during the last year, whilst 87 per cent of smaller businesses suffered a similar fate.

Couple this with the fact that there are not enough security experts to combat this rising threat and you can see why governments globally are alarmed. In fact, research and consulting firm Frost & Sullivan recently released a report which found that the

number of security professionals

globally is about 2.25 million, yet the requirement by 2015 will be 4.25 million.Moreover,cyber security is now being reclassified to a tier-one national security priority, signalling that policy makers are urging action now.

Companies that want to do business with the UK government will have to meet a new cyber-security 'kitemark', the Cabinet office has announced. It is estimated that cybercrime costs the economy up to £27 billion every year and Defence Secretary Philip Hammond said in September that cyber defences had blocked around 400,000 attacks on the government's secure internet last year alone.

The new scheme is intended to stimulate the adoption of good cyber practices among business and help organisations better understand how to protect themselves. This scheme will have to be implemented by the C-suite and filter through the entire organisation. So where should businesses start when it comes to cyber security?

Given the variation of attacks, all with bespoke motives, cybersecurity goes hand-in-hand with enterprise risk assessment as it can directly affect both operations and the broader brand or reputation of a company, often resulting in significant financial repercussions. What we realise is that IT security solutions alone are no longer enough. And it is with this point in mind that takes cyber security out of just an IT department’s responsibility and directly as a must-have agenda point for the boardroom table.

A key question that those around a boardroom table must understand is the motive behind potential cyber-attacks – what information do the attackers want to glean – every company is unique. Only until this insight is understood can the right business decisions be made on the right investments to be made - a comprehensive defence system ultimately comes from an overarching strategy developed by business leaders and now is the time to act.

It is also important to encourage employees to take responsibility for the protection of their own data, introducing training programmes to educate your workforce and dispel some of the myths around cyber security. Set up learning sessions to ensure employees are fully aware of the procedures they should be implementing in their day-to-day working lives when using mobile devices or transferring sensitive information. It may also be necessary to bring new talent into the organisation; today’s young people are increasingly tech-savvy and think in a much more integrated way when it comes to technology, in their daily lives in and outside the office.

C-suite executives need to establish how they can encourage everyone in the business to take personal responsibility for the protection of their own data, introducing training programmes to educate your workforce and dispel some of the myths around cyber security. It is clear that companies are struggling to keep up and protect their businesses from cyber threats, which must change. Ultimately, it is pivotal that the right approach is taken at the top and that this is cascaded through the organisation.

Rangu Salgame is Chief Executive Officer of Growth Ventures at Tata Communications.

Topics