The threat of cyber-crime is keeping CEOs around the world awake at night.
Highprofile security breaches of IT systems and business processes are commonplace and every executive dreads the possibility of becoming the next causality.
Kiran Shanmugam,
CEO, ECD Global, which has been the trusted information security partner for many companies around the world, tells Vyas Sivanand about how an organisation should fight cyber-crime.
How serious a threat does cyber crime pose?
No individual or organisation is immune to the risks of identity theft, break-ins to critical infrastructure and breaches in data security policy.
Cyber criminals are building sophisticated apparatus which span geographies, economies, governments and individuals, unleashing their codes for profit, terror, war and espionage.
The damages caused by coordinated cyber attacks have a lasting and devastating impact on a company and people’s privacy which in many cases is irreversible.
Today, if you want to grow your market share, you have to embrace the globally connected digital economy supported by the internet.
Whilst the internet has transformed people’s lives and the DNA of business for the good, it offers rich rewards for those intent on exploiting it.
Can you suggest few strategies to secure oneself from cyber crime?
Security strategies are not about techno geeks huddling and reveling in cryptic discussions about firewalls and anti-virus.
Security strategies have to be aligned to the needs and aspirations of the organisation.
They are insightful, thought-provoking business conversations that articulate in clear businessfriendly language of how the organisation and its people should deal with cyber-crime threats towards the most valuable assets or targets within the organisation.
Progressive strategies tend to be focussed on using security controls to inject the need of IT resilience into the operating environment as well as accommodating much-needed business enabling IT paradigms such as social media, collaboration, consumerisation and cloud computing.
I like a quote I once read, which for me really sums up how information security should be perceived and approached in organisations.
‘Security is like the brakes in a car, not there to stop the car necessarily, but gives the driver the trust and confidence to drive assertively and safely.' There is a clear link between the competency of Boards who take information security seriously and how those companies are able to leverage this for competitive advantage.
It is transforming the values, attitudes and culture within organisations at a time when the lines between social, private and corporate life in the online world are disappearing.
What measures should every CEO take to protect a corporation against cyber-crime ?
I think, the following measures should be adhered to: ■ Make cyber-security a recurring board topic for discussion and consider the threats of cyber-crime to your business ■ Identify key regulatory and compliance requirements that your company is obliged to meet in relation to information risk management ■ Network with Information Security practitioners and professional bodies to collaborate and exchange knowledge and ideas about the current state of cyber security ■ Drive a sustained campaign of awareness and education about the dangers of cyber crime throughout your business - your people are the first line of defense against these threats ■ Conduct a risk assessment of your sensitive business processes, information and IT assets to understand your exposure to cyber-crime and information security related breaches ■ Create a specialist role or task force within your company to address your critical needs in the area of information security provision and protection.