How Leaders Can Create Security Resilience
KIEV, UKRAINE – 2018/12/29: In this photo illustration, the Adobe Inc. Computer software company logo seen displayed on a smartphone. (Photo Illustration by Igor Golovniov/SOPA Images/LightRocket via Getty Images)
Last week, Adobe Inc. suffered a cyber breach wherein the email addresses of more than 7.5 million customers were exposed. For Adobe’s leadership, it was a stark reminder of the company’s 2013 breach, in which 38 million usernames and passwords were stolen.
Across the globe, breaches are occurring at an alarming frequency. Earlier this year, the World Economic Forum ranked “data fraud and theft” and “cyberattacks” as fourth and fifth on the list of the “top 10 global risks of highest concern for the next decade.” Unless cybersecurity efforts match the pace of technological advances, the organization estimates these threats could cost as much as $90 trillion by 2030.
Despite these dire predictions, many businesses are failing to keep up. More than two-thirds (69%) of employees feel their organization’s cybersecurity approach is “reactive and incident driven.” That is unacceptable. Leaders cannot afford to wait for an incident to occur, and cannot relegate cybersecurity to the confines of the IT department. Instead, leaders should take a proactive and integrated approach toward combating the rising number of cyber crimes and cloud-based vulnerabilities. Here are three ways they can start today.
1. Improve Your Security Team
A 2018 PricewaterhouseCoopers (PwC) survey found that just 39% of respondents were “very comfortable with the sufficiency” of their cybersecurity and privacy workforce, and just 33% believed their companies were “fully ready to meet recent and emerging requirements for cybersecurity, data privacy, and data-use governance.” In all honesty, the time to build a cybersecurity team was yesterday. If a company is among those that have not yet hired an adequate workforce, it should do so immediately.
The most important position on the security team is the chief information security officer (CISO or CSO) — which, incredibly, 38% of Fortune 500 companies do not currently have. These CISO-less companies are making the same mistake as Target, whose 2013 breach exposed the credit and debit card data of 40 million customers. According to a former manager, the lack of a CISO was a “root cause” of the breach.