With the Ukraine invasion, IT and cybersecurity issues, employee behaviour, and IT effectiveness are becoming increasingly visible as hackers have a field day. According to multiple sources, these recent and ongoing cyberattacks have been precisely targeted. With indiscriminate malware technology, all companies must initiate additional safeguards to withstand these attacks and be concerned about cyberattacks on digital targets.
This has become both a kinetic and digital war, with horrifying images, visible cyberattacks on computer networks, and internet-based disinformation campaigns. Unfortunately, there is no one-size-fits-all solution; however, in this blog we review some security measures for protecting corporate assets from cyberattacks and protecting our employees.
There is no such thing as cheap data or IT Security.
To ensure appropriate and adequate IT and cybersecurity safeguards, the Board of Directors (BoD) and management play a crucial role in ensuring that the company is managing its cybersecurity risk. The first task is that the IT and Cybersecurity or senior leadership must appropriately prioritise cybersecurity and ensure cybersecurity policies and procedures are in place and appropriately funded. There is no such thing as cheap data.
Companies take various approaches to corporate IT evaluation, in both methodology and objectives, when setting up the framework. However, in connection with the missing IT, Data, and Cybersecurity element, each IT and Cybersecurity evaluation must address:
- Will the exercise identify the IT and data skills in the IT and Cybersecurity composition?
- Is there a commitment to IT governance and cybersecurity training and awareness as a compliance exercise?
- Will added IT and data knowledge sustain the performance of the IT and Cybersecurity?
Are the assets compromised in the event of an IT or Cyberthreat or breach?
The traditional IT evaluations based on best practices in the global corporate governance codes do not address the new risks and threats when companies conduct IT and Cybersecurity performance evaluations. IT and Cybersecurity evaluations are vital for improving IT and Cybersecurity performance and dynamics, regardless of the organisation’s size, status, or type. The recommendation is to focus on the enterprise-wide IT risk management framework to address the issues of inadequate staffing and resources, to ensure awareness, and to oversee multiple organisational risks, including IT and cybersecurity risks.
Most evaluations typically do not include a vital component: the increasing need to understand that IT security, Data Protection, Data Privacy and cybercrime are a risk management issue that affects the entire organisation. Not only does it require the IT and Cybersecurity oversight, but it is an IT and Cybersecurity responsibility.
Although the IT and Cybersecurity of Directors are aware that they need to stay informed about cybersecurity, keeping up with it in the complex, rapidly evolving world of IT, Data Privacy and IT Security is often a challenge. All Governance surveys of the IT and Cybersecurity or IT or audit committee members found that only approx. 20 per cent of directors agree that their company has cybersecurity risk well under control.
Therefore, ensure that the following 10 IT and Cybersecurity components are included in the following IT and Cybersecurity evaluation.
- Cybersecurity risks are well under control.
- IT executive (CISO) occasionally reports to the IT and Cybersecurity
- Identify the key questions directors should be asking — both of themselves and management
- Highlight the IT and Cybersecurity’s role in overseeing cyber risk and cyber threats
- Has the IT and Cybersecurity information on acquiring and monetising information on personal data?
- Identify the issues on Business Continuity and IT and cyber threats that can disrupt the business, deliver reputational damage, and impair the value of the enterprise.
- Categorise the areas of regulatory investigations, loss of intellectual property and financial risk from fraudulent transactions
- Have IT and Cybersecurity ensured that there is executive ownership on IT security related to decisions about the latest systems, programs and products?
- Recognise that cyber risk cannot be eliminated, and breaches are inevitable even with the best plans having flaws.
- Review the IT and cyber risk intelligence and mitigation plan and the response plan in the event of a breach.
Allocate resources based on the Data and IT risk appetite and strategic assets
During the evaluation, review the potential vulnerabilities that the company has in its IT network environment so that the BoD is aware of who can connect to and infiltrate the systems, which third parties have access and who approves it, and how mobile and social media are handled as a policy from the IT and Cybersecurity.
Therefore, IT and Cybersecurity must start the IT, Data, and Cybersecurity journey so that it has the technical capabilities and does not panic or become uncertain when a malicious cyber event is identified in real time. Additionally, it must be aware of how the penetration testing and the response plan for a breach or attack are working, and how often the response plan is evaluated, to avoid black screens, as many companies have experienced.
With the above IT and Data focus, the IT and Cybersecurity will meet the regulatory requirements, which may even be part of the motivation behind the IT security exercises as the primary driver and part of the tone-from-the-top, and become a high-performing IT and Cybersecurity, well suited to anticipate, meet and overcome the challenges ahead.
At the 15th annual GRC and IT Security Summit on the 21st of April, we will go through these issues in more detail.