Blog del CCI

Monday, October 17, 2016

Real-life lessons, lack of transparency and root-causes

Boards of Directors have held this newsletter’s attention for almost two years. Given that, beyond exotic technical aspects, any kind of cyber issue impacting an organization has (or could have) consequences for the organization itself or for any of its stakeholders, no one is better placed than the Board to become ultimately accountable for cyber. The BoD’s role in overseeing the organization’s overall performance and its function as the owners’ proxy make it the perfect candidate to start learning the lessons that real-life cyber teaches.

A great majority of American (and foreign) Boards learned their first cyber lesson in 2013, thanks to Target. The retailer’s cyber breach, affecting more than 100M of its customers, served as a trigger for directors to start feeling the “new” menace. Since then, a growing number of American Boards have started to ask for advice on digital and, particularly, on cyber stuff.

It is the effect of fear. And fear obviously works as the perfect driver to improve awareness. But beyond fear, it is also true that there is a series of additional drivers that favor positive steps like promoting continuous compliance, engaging new cyber-savvy directors, etc. Among those drivers are regulatory bodies, rating agencies, insurers and, last but not least, the ultimate search for resilience. (Lights off means no threats, but it means no business, too.)

While companies struggle to survive in the cyber-threatened (and threatening) space, sovereign states are waging their own, and most of the time silent, cyberwar. It is a kind of war in which technification does not necessarily mean that you are stronger, but weaker (dependent); and in which, as happens in conventional warfare, diplomacy or containment does not always help (especially when you fight against not-so-diplomatic enemies).
Anyway, as we usually insist, information sharing among your allies (corporate, state-sponsored or both) is more and more a must. This seems to follow from initiatives like the US Cybersecurity Information Sharing Act of 2015. The only doubt it raises for me is why, most of the time, transparency ends when information about cyberattacks (or similar) reaches the Government’s agencies.

Finally, be aware that the unstoppable invasion of IACS by IT is at the core of our economies’ cyber weakness and is the root cause of most of our cyber problems. (And yes, of course, it is a key driver for our future opportunities, too!)

Explore these and other topics in depth in our weekly "Newsletter". Subscribe here and enjoy reading!
