When are CEOs going to rebuke cybersecurity’s failure to protect?

Sharat Sinha, Vice President, Asia Pacific, Palo Alto Networks | Dec. 9, 2014
CEOs and executives need to take a more proactive approach to dealing with cybersecurity and treat it as a priority, rather than an afterthought.

A revolution is in the air. The cybersecurity community and leaders continue to bicker about compliance, certifications and reactive "magical analytics" that do little more than provide a false sense of security. Yet, CEOs and business leaders get to take on all the risk and accountability when they finally learn about an intrusion. Fingers point in all directions as failures hit the news and "Monday morning quarterbacks" fault everyone except the cybersecurity community.

With all the finger pointing, I think one thing sometimes gets lost in the shuffle: why aren't C-level executives demanding more from the cybersecurity technology community? Today, legacy and stagnant vendors continue to propagate an idea that 15-year-old technology provides protection. With every new breach and headline, will we finally see CEOs push back and demand a modern layered approach that renews cybersecurity's responsibility to prevent intrusions?

Nowadays, each time an intrusion happens, the cybersecurity community points to the compromised company or organization saying they neglected to follow some standard or measure of compliance. But since all the risk and accountability resides on the shoulders of CEOs and executives, they should get more involved in the decisions their organization is making concerning protection and demand more from the cybersecurity industry.

A new study, the Global State of Information Security Survey, carried out by PricewaterhouseCoopers (PwC), reported that the frequency of security incidents has risen to 64% in Asia Pacific. Concerns about breaches and security issues have, in recent years, finally resulted in cybersecurity getting a seat at the boardroom table. However, in many cases, this type of C-level feedback is only starting to happen. As an example, network operations and security operations funding lines remain disjointed in ways that help attackers. There are any number of reasons for disjointed funding, and your team will spend precious resources and time trying to force the integration of your IT operations and security portfolio. But those line-by-line budget battles often mean they spend less time protecting your organisation and more time trying to connect complex pieces together. With everyone rushing to get budgets approved, what ends up happening is the purchase of new firewalls or any number of "best of breed" appliances that tick a box for compliance. Unfortunately, this approach is a fool's game, and in that rush to budget, leaders continue to listen to "best of breed," "flavours" and "trends" that only feed a self-licking ice cream cone approach to cybersecurity.

CEOs and executives need to take a more proactive approach to dealing with cybersecurity and treat it as a priority, rather than an afterthought. It's important to adopt a holistic approach to cybersecurity, making sure you are covering all bases, that is, the cloud, the network and the endpoint. More than this, consider engaging cybersecurity experts to evaluate and look into security loopholes and blind spots within the security platform. Develop an information security strategy that is aligned to the specific needs of the business and appoint a senior executive, such as a chief information security officer, to take charge of the security programme in the company and communicate the importance of security across the enterprise.

 
