The “Target” Lesson

Target cybersecurity

 

 Executive Responsibilities

Responsibilities can be divided into three categories: pre-breach (normal operations); breach-response (crisis) mode; and post-breach-response ongoing activities. Initially, boards and corporate executives must get up to speed and understand the challenges, establish the acceptable risk parameters and play an ongoing role in security governance.

Continued attention must be part of monthly and quarterly meetings. Signing off on or just deferring decisions without really understanding the business impacts to these decisions should be considered unacceptable.

IT security executives should work with appropriate parties to collect, analyze and share incident data so defenses and detection can be enhanced. Business and IT executives should also recognize that cybersecurity isnÂ’t just about technology, because the weakest links are people and processes. These gaps should be aggressively pursued and the problems regularly communicated across the organization. Lastly, a crisis-management plan should be put in place as a contingency.

Should a breach occur, itÂ’s imperative that the owner/CEO (preferably) or a very high-level executive that can be viewed as the face of the company get in front of the problem and provide customers assurance that all efforts are being undertaken to resolve the problems, including making customers whole. The details of what should be relayed to customers, employees and stakeholders, and how and when it should be disseminated, should come from the crisis-management plan. A well-executed plan can safeguard the company’s image, retain customer loyalty and protect the company’s finances.

The difference between the post-breach response ongoing activities and the pre-breach cycle is that the company is now far more aware of risk exposures and this heightened awareness tends to influence activities and decision making. This is a good thing, but itÂ’s unfortunate that firms (or key executives) have to go through the wringer before they make cybersecurity a priority.

Getting Ahead of the Issue

Small business owners, board members and corporate executives share the fiduciary burden and accountability for protecting company assets, even if the responsibility is delegated to IT or an outside provider. Today, these executives remain behind the curve in protecting, exfiltrating, discovering, and containing cybersecurity attacks and data breaches. Unfortunately, the frequency and variety of attacks and attack vectors will only increase year-over-year.

All must be aware of the changing challenges, establish and maintain acceptable risk parameters, and play an ongoing role in security governance. IT security executives should work with appropriate parties to collect, analyze, and share incident data so that defenses and detection can be enhanced.

Executives should identify low-hanging initiatives that can be quickly executed, such as improved password requirements, password-change frequency, two-factor authentication, and rapid deactivation of access (cyber and physical) to terminated contractors and employees. Encryption of data at rest and in transit should also be evaluated.

Cybersecurity isnÂ’t a technology issue; itÂ’s a matter of business survival that puts the onus on the board and corporate executives.

Other articles by Cal:

A Walk in the Cloud

Small Business Can Get High Availability From IT

Leasing Contracts: Not All Are Equal

15 Reasons it Makes Sense for IT to Lease

RELATED POSTS

AI and Web3: Unleashing the Power of Decentralized Intelligence

AI and Web3: Unleashing the Power of Decentralized Intelligence

The fundamental definitions of AI and web3 as they stand today By now you have probably heard a lot about the pros and cons of Artificial Intelligence or AI and Web3. In this article, we will explore the relationship of AI and Web3, its implications across various...

Video Gallery

Polls

Sign Up for the Latin Biz Today Newsletter

PR Newswire

Featured Authors

Innovation & Strategy

Money

Talent/HR

Legal

Marketing

Culture

Fashion

Food

Music

Sports

Work & Life

Mindfulness

Health & Fitness

Travel & Destinations

Personal Blogs

Pin It on Pinterest