It’s time to bring cyber into the boardroom - Anthony Quinn

While the big organisations make the headlines, this doesn’t mean SMEs are safe. Attacks on these organisations may not receive mass media attention, but this doesn’t make them any less severe. Think catastrophic data losses, reputational damage, the erosion of customer trust, a complete halt in operations, irreparable financial losses and, in the very worst cases, game over.

Boards can no longer ignore this threat. As organisations increasingly take advantage of the internet to improve efficiency and profitability, they risk losing everything when cyber security is overlooked.

Armed with little more than a mouse and keyboard, criminals now have a plethora of avenues to target an organisation. From its employee access to its websites, to its cloud hosted infrastructure to its network and applications, the enterprise attack surface is growing exponentially, and determined cyber criminals are constantly on the lookout for ways to exploit and monetise from vulnerable businesses.

Boards must take heed of this increased threat and be one step ahead of adversaries, otherwise, they will soon find themselves caught out and no one can predict the losses their organisation will endure.

It’s time to bring cyber into the boardroom.

But to improve enterprise cyber resilience, this can’t be achieved when business leaders view security threats as an IT issue.

Business-as-usual is the number one casualty of cyber attacks today, so executives have a duty to elevate cyber out of its historical, murky shadows within the IT department and place it front and centre within all organisational activities and leadership meetings.

Business leaders must champion cyber, stressing and understanding its importance and embedding it into the fabric of their organisation.

It should never be viewed as an IT issue that can be managed with patches and firmware updates. Cyber crime is a survival threat and it needs to be at the top of all board agendas, where it is regularly assessed and managed to help identify and mitigate weaknesses that could jeopardise safe operations.

While business leaders don’t need to fully understand the technical intricacies of cyber threats, they must possess knowledge into how a cyber attack could impact their organisation. This allows them to remediate issues and ensure adequate budgets and resources are allocated towards defences. They must be proactive and work towards objectives to get ahead of attackers. Reaction is futile.

They must also educate their workforce on the importance of cyber hygiene and ensure all employees receive training into security threats, so they keep pace with adversary techniques. This also includes teaching employees about the risks of using weak passwords, educating them on phishing, mandating Multi Factor Authentication (MFA), and promoting the important role every employee plays in safeguarding the organisation against cyber attacks. Cyber resilience is a team sport which starts from the top down. All employees, business leaders and departments are frontline cyber defenders in today’s hostile digital playing field.

It’s time to call everyone into action.

Anthony Quinn, CEO of Acumen Cyber