|Lens Password by Salvatore Vuono from FreeDigitalPhoto-net.jpg|
What it should do, however, is highlight the gaping hole in the agendas of the executive boards of those multinationals, where the people responsible, ultimately, for corporate governance and recruiting the C-level executives, are unable to ask the right questions of the management and, therefore, unable to determine if the companies are being sufficiently vigilant against the threat of hacking.
An organisation’s IT strategy, which would (should) include cybersecurity, needs to be driven by the business, the organization’s board, rather than from the IT department itself, which would be a case of the tail wagging the dog. The problem is that with so few board members understanding technology, they don’t know what questions to ask – and probably feel that they should be enquiring in to the specification of the firewall, the level of data encryption or the quality of the antivirus package.
|Advice_Image Stuart Miles FreeDigitalPhotos|
And so hacking is for the business to think about, at the highest level, as it goes to the heart of one of the biggest risks modern companies now face. Hacking will happen.
Data is needed to provide products and services for customers and to create competitive advantage. The solution is not to reduce the amount of data held, but to ensure it is properly protected. The boards need to know what questions to ask and whom to ask them of. They need to ask what value the data has on the open (or black) market? What are the potential losses to the organisation if the data is stolen? And how can the organization create a culture where everyone is focused on these questions and is able to raise an early-warning when vulnerabilities are found?