Upskilling in Cybersecurity: A Necessary Skill for the C-Suite Professional in 2021
For years, cybersecurity has been top of mind for the IT department and CISO’s, but with the recent rise in cyber attacks, placing cybersecurity as a priority is everyone's responsibility, especially C-Suite professionals. C-suite professionals have always been a target. Verizon’s 2019 Data Breach investigations report found that C-Level executives are 12 times more likely to be the target of cyberattacks. These findings were prior to the pandemic, prior to remote work and the increase of BYOD, meaning that C-Suite professionals are at even greater risk in 2021. Bad actors know that C-Suite professionals have greater privileges and access to desirable data. So what can C-Level executives do and how are they affected in the current business climate?
First, all C-level executives need to be promoting online security and developing a company culture that places cybersecurity as an important part of daily operations. When CEOs promote cybersecurity and lead the way, company culture shifts. A CEO is responsible for the entirety of a business and it is easy to be distracted by other responsibilities within the company, but a CEO who includes promoting cybersecurity as a top priority is much more likely to take measures to protect themselves from being successfully targeted. However, it is important that CEOs consider how they are bringing awareness to cybersecurity. Most, if not all C-Suite executives already know that 95% (Cybint) of breaches occur as human error, meaning that they are preventable. However, C-Level executives should consider changing the narrative from the employee being the “weakest link” to the idea that the employee has the power to make a difference and protect the company. Using language to empower employees to make a difference helps to motivate staff to contribute to the solution, rather than them being part of the problem.
The COOs need to be cyber aware continues to increase. Awareness is important for their personal protection but also when considering training and onboarding practices. No longer is it acceptable for employees to obtain an online training session on cybersecurity once per year to check off a box in their human resource file. Human behaviour is the root of many cyber breaches and once per year cybersecurity courses will temporarily impact behaviour, but in most cases, users will revert back to old habits in a short time, if ongoing cybersecurity training is not provided. Start with A+ certification training to learn all the foundational knowledge of best practices online. COOs have additional cybersecurity concerns in their role. Cybersecurity should be a consideration for partnerships, logistics and supply chain management. Bad actors are increasingly targeting small to medium-sized businesses in the hopes of gaining access to those in the supply chain that these companies are dealing with. In addition, those businesses that can prove that they are cyber resilient will find developing partnerships much easier.
Chief Financial Officers who are successful realize that cybersecurity is ultimately about finances and falls as much under their jurisdiction as it does the IT departments. After all, cyber breaches are most often financially motivated and new. Verizon considers 71% of data breaches to be financially motivated and the global cost of a data breach is rising with IBM estimating the average cost of a data breach being 3.86 million dollars. Successful CFOs actively consider cost savings and risks of potential breaches. This means that although they do not need to be able to understand the technical side of cybersecurity, they will need to keep up to date on increased threats within their industry, the cost of an incident and how to protect themselves from cyber threats. New digital scams and techniques are being developed by bad actors every day.
CMO’s are perhaps one of the most regularly affected by IT security issues. Downtime can wreak havoc as marketing technologies are one of the largest areas of growth in marketing. The CMO and their teams need to be aware of the signs of a breach and should be the biggest supporters of the CISO in regards to advocating for cybersecurity spending within the organization. Marketing managers and CMO’s know that an impact of a breach can cause significant downtime and challenges to the effectiveness of their marketing efforts.
As a C-Suite professional now is the time to listen and learn. Listen to those who are experienced in the cybersecurity field, to those in your organization, but also to other cyber professionals. When was the last time you had a security audit completed by an outside agency? Ask yourself, when was the last time I enrolled in Continuing Professional Development for Cyber Awareness? CPD Courses help to keep cybersecurity top of mind for everyone. Actively contemplate how cybersecurity affects your departments and how can you work with your IT department? C-Suite executives who work to develop and maintain a positive relationship with the IT department by being proactive will see that their efforts are rewarded.
Rob Sobers (2021). “134 Cybersecurity Statistics and Trends for 2021: Varonis.” Inside Out Security. www.varonis.com/blog/cybersecurity-statistics/.
Read our other blog: The Evolution of Cybersecurity: Part 1