Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Boards are getting more involved in cybersecurity, but is it enough?

Clint Boulton | Oct. 22, 2015
Despite operating in a state of hyper vigilance regarding cybersecurity threats, board participation in such planning is at only 45 percent, according to 10,000 executives surveyed by PwC.

Advanced authentication: Many banks and credit card providers support Apple’s Touch ID technology, allowing consumers to access their mobile application by pressing a finger to the iPhone’s fingerprint scanner. USAA, a financial services and insurance firm that caters to military veterans and service members, uses facial and voice recognition and fingerprint scanning for customer access to its mobile apps. Starwood Hotels & Resorts allows preregistered hotel guests to bypass the check-in desk and tap their smartphone or Apple Watch to unlock hotel room doors. Ninety-one percent of companies say they are using some form of advanced authentication to replace the traditional password credentials.

Security frameworks: Security frameworks, such as ISO 27001 and the U.S. National Institute of Standards and Technology Cybersecurity Framework, are gaining acceptance among organizations seeking to establish a foundation on which to mitigate risks. Such frameworks help companies identify and prioritize risks, gauge the maturity of their cybersecurity practices and better communicate. The Canadian Imperial Bank of Commerce has developed a scorecard based on framework controls that it uses to measure the maturity of its security program, according to the PwC report. Burg says 91 percent of organizations have adopted a security framework to hedge against risks.

Strength in numbers: Most companies – 56 percent surveyed -- are partnering with one another, sharing threat intelligence with others as a collective defense. Most organizations say such collaboration allows them to share and receive more actionable information from industry peers, as well as Information Sharing and Analysis Centers (ISACs). Burg says information sharing got a boost earlier this year when President Barack Obama signed an executive order that encourages collaboration among public and private organizations through Information Sharing and Analysis Organizations (ISAOs) designed to be more flexible than ISACs.

“ISAOs will fill certain gaps that current groups do not address and ultimately play a valuable role in contributing to a national cybersecurity immune system,” says Burg. He says PwC is currently working with stakeholders from the White House, industry and academia to improve the ISAOs.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.