A malware or ransom attack can, at best, slow down an organization and damage its profitability and reputation, but it can also destroy an unprepared organization altogether. That is why it is essential that companies of all sizes work with the right people, who are well trained and who have the right tools for the task.
Written by guest contributor Edward van Biljon,
How to Convey Cyber Risk to C-Suite Executives
One of the hardest parts of being an IT admin, security manager or CISO is getting buy-in from senior management regarding cyber security and security for all end users and servers.
How do you get cyber security across to them so they do not turn you away? The first step to engaging with senior management is to put together a list of cyber threats and facts about the vulnerabilities. Senior management want to see figures: what is it going to cost the business if an attack were to happen?
You need to provide figures of what it has cost other businesses when they were hit, and demonstrate what a ransomware outbreak means to the business in terms of lost revenue, IT time, and data that is stolen and put on the internet.
You need to show leadership the current state of the company and where it stands against cyber threats. Explain in detail what vulnerabilities the company has and how they can impact business operations, and provide a way to mitigate those risks.
If there is a business requirement to expand applications to the cloud, like CRM Dynamics or SharePoint, senior management needs to be made aware that company data will be moving from the cloud down to the on-premises environment and vice versa. This is a security risk, and if they do not implement encrypted connections like a VPN connection or implement two-factor authentication on accounts, the data could be compromised. If you are in the financial sector, illustrate what could happen if credit card information was stolen and how this will impact not only the company but everyone that makes use of it.
You, as the influencer, need to have a face-to-face conversation with the C-suite and illustrate each situation or scenario to them. Some of the execs think about things differently, and you will be asked questions based on what you are illustrating. The story you are telling them needs to make clear that this is not IT needing to spend more money but a business decision, and it has to be backed up with facts.
An example of this could be that, to be able to connect to the cloud, laptops need to be upgraded to Windows 10 from Windows XP and Windows 7, as these systems pose a big risk on the internet because they are not patched and are vulnerable to attack.
Another example could be that you have outdated hardware like firewalls that are no longer supported, no longer receiving updates and are vulnerable to attack.
Cyber security is the new norm, and it is the terminology that the execs will need to understand and use going forward. This also means hiring staff for roles that were never filled or needed before; new departments need to be formed, and businesses need to align to this. Do not be afraid to engage with other technical staff in the industry. Maybe you worked for a company where you knew the security officer; ask them for input on how to protect the data of the business and the company.