What Every CEO Should Know About Cyber Security

June 18, 2013 in Blog

Once the concern of only the largest businesses and organizations, cybercrime now affects companies of all sizes, and in some cases can destroy a company financially virtually overnight. In fact, companies with fewer than 250 employees were the targets of almost a third of all cyber-attacks in 2012, according to a report by Symantec. To survive in today’s marketplace, executives at small and mid-sized firms need to be prepared for cyber-warfare.

The new and rapid growth of cyber-criminality has left most CEOs ill-equipped to deal with the threats they now face. Although many executives understand the high financial cost of lost data and lost man hours caused by a breach in security or a coordinated cyber-attack, few recognize that a cyber-attack can adversely impact their credibility with shareholders, partners and customers, as well, causing further financial fall-out.
If they are to succeed in an environment where cyber-crime is endemic, CEOs need to develop a nuanced understanding of the cyber-threats that menace their businesses. Armed with greater knowledge, CEOs can better develop and execute strategies to lessen the danger posed by cyber-attacks.

The Illusion of Security
Businesses and organizations are spending more money on cyber-security measures designed to ward off external threats. Ironically, though, most security failures can be traced to internal failures. When a business’s defenses fail, it probably isn’t because of some new and advanced Trojan; rather, it’s likely the result of network mismanagement or uncoordinated and ungainly security systems.

The scale and complexity of the security systems many businesses have developed has created an illusion of safety. And while these systems may be excellent deterrents, they often are so intricate as to be virtually unmanageable. The IT departments tasked with maintaining these systems inevitably make mistakes. Those mistakes can lead to security breaches.

CEOs need to be aware of the danger of over-complexity. They need to arrange an objective assessment of their current systems and seek out security solutions that fortify them against external dangers without overburdening their IT departments.

A Shifting, Mutable Enemy
Executives are used to dealing with static threats. Corporate governance programs and procedures are not used to having to respond to dangers like cyber-threats—dangers that are so variable and so capable of rapid adaptation.

CEOs and their organizations must, if they are to successfully combat cyber-threats, maintain a situational awareness of these threats. They must be aware of cyber-incidents as they develop. But, awareness is not enough. They also must learn from the vulnerabilities exposed by these incidents. They can do this by aggregating, analyzing and acting on the data collected by their security systems.

In short, CEOs can’t be content with defending their businesses from the dangers of the moment. They need to be as adaptable and responsive as the threats they face.

Protecting Your Business
CEOs are starting to take cyber-security seriously. They recognize that they need to be included in cyber risk management discussions, and that they must be in communication with those accountable for managing network security. But, executives who want to truly protect their businesses from cyber-threats need to understand the threat they face and appreciate the prescient words of Wall Street Journal technology analyst Esther Dyson: “Cyberspace is controlled by those who understand it.”

Veteran Business Solutions offers a host of services to help protect your organization, from security assessment and product evaluation to security design and implementation, and security staff augmentation. To minimize the risk of a cyber-attack on your business, call our specialists at (703) 946-4922, or contact us online.