It’s common knowledge that cyberattacks will escalate, so upper management has to develop an understanding of the threat landscape, the different types of attacks and what it all involves. Right now, the Trump administration is working on an executive order to clearly establish the duties of agency chief information officers.
“Despite multiple legislative mandates, agency chief information officers do not have adequate visibility into, or control over, their agencies’ IT spending, resulting in duplication, waste, and poor service delivery,” reads the executive order. “Enhancing the responsibilities and accountability of agency chief information officers will better position agencies to modernize their IT systems, save taxpayer dollars, reduce cybersecurity risks, and better serve the American people.”
A vulnerable framework is not only a security risk but also a major business liability. However, upcoming cyberattacks and network bugs are set to get even worse because, as a recent survey by Americas' SAP Users' Group has found, cybersecurity is still not a major concern or skill among C-level executives, especially the non-technical leaders.
“The frequency of cyberattacks is only likely to accelerate over the coming years, therefore it is vital that senior executives have a full understanding of the inherent risks and implications,” explains Cyrus Mewawalla, Head of Thematic Research at GlobalData. “The losers will be those companies whose boards do not take cybersecurity seriously, as they run a higher risk of being hacked.”
Unless managers prioritize cybersecurity with investment in clear areas of focus such as machine learning for active threat detection, data breaches could become a major disaster for customers, and for the organization whose reputation and business will be impacted. Even upper management can turn into a major security liability if they don’t understand the risks.
With this in mind, it really came as no shock that, following the massive security attack, Equifax’s CIO and CSO immediately left the company and their Equifax-related digital footprint started being wiped. According to NBC News, Equifax’s former CSO was in fact a music composition graduate, with no security degree. Equifax is one of those breaches that will always serve as an industry case study of the effects on a company of a lack of proper security.
One roadblock in implementing a proper strategy is the constant miscommunication between non-technical C-level executives and IT specialists. The aforementioned survey found that, while 80 percent of security pros were greatly concerned about security, only 25 percent of C-level managers shared the same concern. When asked about cybersecurity strategy, 12 percent had none while 23 percent knew nothing about it. As many as 82 percent considered their SAP applications a “minor vulnerability” in their company’s infrastructure.
In today’s economy, a weak security strategy will directly impact customer data, patents and confidential information. If these are compromised, the organization may never recover: just look at Equifax’s trajectory in the past year.