Barely a month could pass in 2017 without seeing a breaking news headline of a massive breach. 2017’s data breach activity broke records, from WannaCry to Equifax, and this past year has taught us that the nature of cyber attacks is changing. Like you, board and executive members of the aforementioned enterprises didn’t think their organization’s vulnerabilities would be exposed or that they would fall victim to a cyber breach.
The common denominator of last year’s cyber catastrophes is that they had the opportunity of being prevented if cybersecurity had been a priority of the executive committee. With any new year, comes renewed focus. With regard to cyber risk, directors and senior officers should keep these five issues at top of mind during 2018.
1. Cybersecurity & Data Privacy Regulations
As new cybersecurity and privacy regulations are enacted, senior officers and board directors must ensure that their house is in order by properly managing and protecting the data that resides within the organization (or passes through it). The Global Data Protection Regulation (GDPR) is set to take effect on May 25th, 2018 and will have big implications for organizations handling the data of EU citizens. Because data is so ubiquitous, this regulation will affect most U.S. businesses to some degree. Furthermore, many states have taken their own regulatory measures: New York State implemented 23 NYCRR 500 last year which impacts the financial industry, while Colorado and Vermont passed similar regulations affecting organizations dealing with securities. More states are likely to propose and pass similar cybersecurity legislation in 2018 and beyond.
2. An Evolving Cyber Threat Environment
2017 taught us that cyber threat actors are growing more sophisticated every day. This year you should be wary of the behavior of several kinds of attacks, including an increase in IoT (Internet of Things) attacks and the persistence of ransomware and phishing attacks. Another example of the transformative cyber threat environment is the repeal to end net neutrality. This has sparked a debate about the decline in internet transparency and whether that decrease will generate more criminal activity or an increase in security. Lastly, the rise of cryptocurrencies (Bitcoin, Litecoin, and Zcash among others) has given hackers the opportunity to exploit new attack surfaces. The new trend of virtual currency has become the main attraction for cyber criminals to exploit illegal monetary exchanges with anonymity. Check out our top 10 cybersecurity predictions for 2018 here.
3. Increased Board & C-Suite Collaboration with InfoSec and InfoTech Leaders
Directors and senior officers should demand more time with information security and information technology leaders. Increased communication, understanding, and reporting will result in improved cybersecurity governance, better economic outcomes, and more business agility. According to a 2017 ISACA Tech Governance Research report, more than two-thirds of all respondents say that their company’s top leaders need to prioritize strengthening connections between IT and business goals.
4. The End of Complacency
Directors and senior officers have made some strides in grappling with cyber risk challenges. According to NACD’s 2016-2017 Public Governance Survey, only 31% of board directors have attended continuing education events related to cyber risk. Directors and officers should seek training and educational opportunities that are action oriented, improve communications channels with cybersecurity leaders, and tie business and cyber risk together in order to improve their organization’s cyber resiliency.
5. A Shifting Security Focus for Leaders
Customers, business partners, stakeholders, shareholders, investors, and regulators will continue to demand greater cybersecurity expectations in 2018 and will require organizations to do more to create a culture of cyber resilience. Training, security audits, and tabletop exercises will be the ‘new normal’ for directors and executives. Senior officers and directors must be proactive about cyber risk, ensure their organizations are properly measuring and assessing cyber risk, implement training programs (including ones for directors and execs), conduct regular audits, and routinely practice their response plans.
It’s Not Worth The Risk
Don’t risk your company’s reputation by hoping threat actors won’t tamper, infiltrate, and exploit your organization’s network. Being proactive will help to keep your organization’s name out of the breaking news data breach headlines in 2018. Take control of managing your cybersecurity posture. If you’d like a more in-depth explanation of how you can protect your organization, then consider our Cyber Resolve seminars, tabletop exercises, and training programs. Let’s start the conversation around your organization’s cybersecurity approach today!