According to the British website The Register, 918 data breaches were reported worldwide in the first half of 2017. Many organisations, from multinationals such as Equifax and Facebook (which suffered a breach affecting 87 million users) to the European Central Bank, are not completely immune to cybersecurity risks. This is also confirmed by the European Network and Information Security Agency (ENISA), according to which the complexity of cyber attacks is increasing, especially in view of the anonymity provided by digital currencies and other infrastructures that allow users to circumvent identification.
In this landscape of uncertainty, a major threat is represented by malware (any computer program used to disrupt the operations carried out by a computer, steal sensitive information or access private computer systems). This is because, although the number of attacks has significantly decreased, their techniques are now much more sophisticated.
What can executives and board members do to ensure the security of confidential information now that companies are more and more digitised? Sherpany, a leading provider of the latest generation of meeting management software for executives and boards, explains how to prevent and manage cyber attacks in the digital age. The organisation has many years of experience in monitoring and protecting the sensitive data of its customers. It is also compliant with the European and Swiss data protection regulations (GDPR and LPD), and it is ISO 27001 and ISAE 3000 certified. Sherpany offers its customers the highest international security standards.
"If in the past security and cyber risks were only a threat to financial corporations and governments, they have now become universal, influencing any organisation, whether digital or connected to the Internet. Needless to say, growing security concerns are among the factors that keep executives and board members on the lookout. Any company that aims to effectively understand and assess security and cyber risks needs to have a cyber-risk plan that goes beyond hackers and malware. The plan must incorporate infrastructure security, auditing and control, data protection and mobile service security," explains Marc Walzer, Security Officer at Sherpany.
The European private sector, and in particular the banking sector, has been the main witness of this phenomenon. This is the case with Sony's PlayStation Network and UniCredit, the bank which last year suffered one of the biggest breaches in European banking security: unauthorised access to data from over 400,000 customer accounts. In some cases, however, updating your computer system is not enough and, thus, some European organisations have responded with ad hoc rules to prevent security attacks (think about the implementation of the GDPR, the EU's regulation on the processing of personal data and privacy).
Who answers in these cases? The CEO is ultimately the one held responsible before the board of directors for the management and implementation of the business strategy. However, it is essential that CISOs (chief information security officers) present potential risks and response plans to management and the board of directors, so that they can agree on the appropriate security strategy for the entire organisation. Gartner, a technology and research information company, reports that by 2020 100% of large companies will be invited to report to their board of directors on information security at least once a year.
In addition to working closely with the company's CISO, according to Marc Walzer, it's important to answer these questions:
According to an Accenture report, it's estimated that companies worldwide will lose $5.2 trillion in additional costs and revenue over the next five years due to cyber attacks. The survey, which involved more than 1,700 CEOs and top managers from companies in different countries, shows how cybercrime can compromise business operations, business growth and innovation, as well as the introduction of new products and services to the market. Progress of the digital economy will be seriously compromised if there is no substantial improvement in security on the Internet: more than half of the executives surveyed (56%) would approve of stricter regulations introduced by government institutions or authorities. In addition, three-quarters of them (76%) believe new technologies, such as the Internet of Things (IoT) and the Industrial Internet of Things (IIoT), helped things get out of control with regard to information security and its protection.
Another interesting fact, which emerges from a report by Ernst & Young, concerns the type of information that most attracts computer hackers: in the first place, we find customer data (17%), followed by financial information and the strategic plans of a company (both at 12%), and user passwords (11%).
"It is essential to act fully and quickly when a breach has been discovered. First, you need to mobilise your incident response team to assess the threat and/or loss. Second, you need to ensure business continuity while protecting the systems that have been attacked. Third, an investigation must be conducted that includes further risk analysis and reporting on the results in the event of an attack. Finally, you need to communicate with all stakeholders, starting with the organisation's top management and board of directors. These steps are not necessarily sequential and can be implemented in parallel," concludes Marc Walzer.
The article appeared in its original version in Forbes Italia.
1. Leyden, John. More data lost or stolen in first half of 2017 than the whole of last year. The Register. September 20, 2017.
2. Honan, Brian. European Central Bank Hacked. CSO. July 31, 2015.
3. Badshah, Nadeem. Facebook to contact 87 million users affected by data breach. The Guardian. April 8, 2018.
4. ENISA Threat Landscape Report 2017: 15 Top Cyber-Threats and Trends.
5. Sirletti, Sonia and Robinson, Edward. Hackers Breach 400,000 UniCredit Bank Accounts for Data. Bloomberg. July 26, 2017.
6. Armerding, Taylor. The 17 biggest data breaches of the 21st century. CSO. January 26, 2018.
7. Takahashi, Dean. Surprise: Sony faces class action lawsuit on PlayStation Network breach. Venturebeat. April 27, 2011.
8. Walls, Andrew. Leading Enterprise Security & Risk. Gartner.
9. A cybersecurity guide for directors. Dentons.
10. EY Global Information Security Survey 2018-19.