Cyber Security For C-Suite Executives – Top Ten Challenges
18 October 2019
The C-suite worldwide is increasingly concerned about the growing risk of a massive cyber data breach, like those encountered by Capital One, Facebook, Equifax, and numerous government agencies. Thus, C-level executives within all organisations need to understand the value of the information assets they possess and the cybersecurity and privacy related risks, and then factor the benefits of cybersecurity investments and the risk variables into their respective business equation.
Simply put, it is vital that C-suite executives adopt a threat-based cybersecurity strategy to understand the cyber threats they are facing, and then make the right investments to mitigate identified vulnerabilities, thereby reducing their cyber liability while also maximising resources.
Due to BDO’s wide range of experience with hundreds of C-suite companies across all industries, the following questions capture the most significant cybersecurity and data privacy challenges worldwide:
- What are the best methods and tools to identify, track and maintain all data/information assets with appropriate information governance, data mapping and cybersecurity?
- How can the C-suite efficiently and cost-effectively verify identities and control information access?
- What are the best tools and practices to ensure compliance of third parties and supply chain partners with evolving cybersecurity and data privacy regulatory requirements in the U.S. and internationally?
- What is the best method to effectively deliver timely cybersecurity and data privacy education and training?
- Should the C-suite invest in acquiring new information security hardware, software and resources to enhance cybersecurity, or is it better to outsource to a proven managed security services provider (MSSP)?
- Who should the C-suite turn to for advice after a major cyber data breach occurs within an organisation?
- What actions should the C-suite take to ensure they are compliant with all current regulatory requirements for their industry and geographic location, as well as all customer contractual requirements?
- What proactive actions can the C-suite take to mitigate insider threats and fraud?
- What is the best approach to ensure an organisation has developed an appropriate continuity plan (BCP)?
- How much cyber liability insurance coverage is sufficient?
In order to combat cyber-attacks and mitigate costly cyber data breaches, BDO recommends a threat-based cybersecurity approach. This strategy is forward-looking and uses analysis of a company’s unique threat profile to identify at-risk areas and protect against the most likely types of cyber-attacks that could occur. This requires a multipronged strategy and a range of proactive steps, including:
- Hiring an independent firm to conduct some or all of the following advanced diagnostics:
  - Email threat assessment
  - Network and endpoint threat assessment
  - Vulnerability assessment
  - Penetration testing
  - Spear-phishing test campaign
  - Red-team security software tools assessment
- Hire a dedicated Chief Information Security Officer (CISO) who reports to the CEO or General Counsel to develop a sound cybersecurity and data privacy risk management program tailored to the specific cyber threats facing your organisation.
- Implement advanced software encryption with multi-factor authentication, including biometrics.
- Provide timely and effective cybersecurity education and training programs for the entire organisation, top to bottom.
- Implement a timely and effective software security patch management program.
- Ensure the organisation has developed and implemented a robust information governance program to map, track and secure all data assets.
- Review and periodically test the organisation’s Incident Response Plan.
- Review and periodically test the organisation’s Business Continuity Plan and Disaster Recovery Plan.
- Conduct or outsource a managed detection and response (MDR) of the organisation’s information systems, networks, endpoints, software applications, and email system using the most advanced machine learning and artificial intelligence applications.
- Verify the compliance of the organisation and all supply chain partners with all cybersecurity and data privacy regulatory requirements by using independent compliance and risk assessment conducted by qualified firms.