Despite all of the digital criminality that keeps growing for the last few years, cyber security has not become the focused of most executives, until an incident happened inside the company. Then it is damage-control mode, as the company deals with stolen customer data, disclosure of confidential information, or many other worse conditions. This reactive approach is all too common, even though the real question is not if there will be incident but when this cyber incident will happen in the company.
It is time for companies to put cyber security matters into a serious consideration. In the corporate world, the raising question is whether cyber security is considered as a purely technical matter, or whether business understands that it is the lynchpin for safeguarding the most precious assetsâ€”intellectual property, customer information, financial data, employee records, and much more. Based on the survey conducted by PwC, CIO, and CSO, the answer would depend on whom you ask. 72% of executives were reported being very confident or somewhat confident that their organizationâ€™s information security activities were effective. However, when they were asked about the real action the company has taken, it was only 43% who described themselves as ready with cyber attacks.
One of the main issues with addressing cyber security problem is that executives do not always agree in the objectives and goals of the company. Usually, executives have different ideas of what the problem with cyber security. â€śCEOs agreed that lack of capital funding was the problem, but CFOs indicated a lack of leadership from the CEO was the reason. Meanwhile, CIOs and security executives pointed to a lack of actionable vision or understanding within the organization.â€ť, as stated by PwC.
As business moves to digital world, criminality does the same. It is crucial for companies to realize how important it is to be aware of thread, not only with the existing one, but also with the new type of threads. As we all may aware of, the oldest thread is nuisance hacking, in which there is little material impact to the company. A classic example is hackers defacing the companyâ€™s website. More serious and widespread is the second wave, which is hacking for financial gain, such as credit card credentials stolen. Unfortunately, this second type of hacking now goes far beyond blindly stealing customer credit card information or employee passwords. For example, hackers might target a companyâ€™s financial function in order to obtain its earnings report before it is publicly released. With such advance knowledge, they can profit by acquiring or dumping stock. Last type of hacking is the hacktivism, where hackers try to obtain sensitive information and disclose it to the public for their own interest.
With all the existing threads, company starts to get confused where to start in fighting cyber security. It is wise to start realizing that information and cyber security is not only technical aspects of the company; but also part of the core business. The point is not having CTO or CIO but it is also important that technology and cyber security issues become part of consideration in every business decision. Each department has to embrace the function of technology that can speed up their business process, for example, how secure payment transaction will speed-up monthly payroll.