fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

4 Ways Security Has Failed To Become A Boardroom Issue

4 Ways Security Has Failed To Become A Boardroom Issue

New research finds that despite being more engaged with cybersecurity, business executives and board members continue to view cybersecurity as a technology domain rather than a business concern.

Somewhere around 2015, the security industry adopted a new mantra, “cybersecurity is a boardroom issue.”  This statement was supported by lots of independent research, business press articles, webinars, local events, and even sessions at RSA and Black Hat crowing about the burgeoning relationship between CISOs, business executives, and corporate boards.

Has anything really changed since then?

To find out, ESG surveyed 365 senior business, cybersecurity, and IT professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees) and enterprise-class (i.e., more than 1,000 employees) organizations.

As it turns out, there’s good news and bad news here.  The good news is that cybersecurity is indeed a boardroom level issue.  The bad news is that we are nowhere near where we should be.  For example:

  • Cybersecurity is still perceived as primarily a technology issue. Twenty-eight percent of respondents believe cybersecurity is entirely a technology area, while 41% say that cybersecurity is mostly a technology area with some emphasis on the business aspects of cybersecurity.  Alarmingly, 11% still think of cybersecurity as a regulatory compliance area alone.  All of this means that boardroom-level discussions about cybersecurity center on things like open software vulnerabilities and numbers of incidents detected rather than securing customer communications, getting employees onboard, or building cyber-resilience into critical applications and business processes.  Same old priorities with a few more discussions. 
  • CISOs are viewed as technologists. While just over half of all organizations consider the CISO a business executive, the other half of organizations still perceive CISOs as an IT role only.  Heck, some firms see CISOs as little more than glorified firewall administrators.  CISOs in this camp get little facetime with executives or boards; when they do, it’s usually to answer questions rather than provide any proactive input. 
  • Cybersecurity remains antithetical to corporate culture. Under half (44%) of organizations claim that employees’ commitment and buy-in to cybersecurity is “very good.”  The other 56% say it is adequate, fair, or poor.  So, while CISOs proclaim that ‘cybersecurity is everyone’s job,’ most organizations aren’t pushing this philosophy to rank and file employees.
  • Business managers have little to no cybersecurity responsibilities. Similarly, only 29% of organizations claim that non-technical managers have cybersecurity responsibilities like classifying sensitive data, aligning employee roles with access policies, or working with cybersecurity managers on business planning.  From my experience, business executives tend to think of these things as checkbox exercises to be done as quickly as possible. 

Also Read: The Importance Of Knowing Personal Data Protection Regulations

This and other data from the report indicates a cybersecurity dichotomy:

Yes, boards and executives are more engaged with cybersecurity, but they retain an “us and them” mentality.  Business executives and boards drive business decisions; CISOs are tasked with bolting on technical security controls and cleaning up messes as they occur.

We weren’t wrong in 2015 when we declared that cybersecurity was a boardroom issue: Based on the ESG research, it appears that after years of neglect, boards and executives finally started paying attention to cybersecurity around 5 years ago.  Since then, the cybersecurity industry has been busy patting itself on the back for any incremental progress. 

If your doctor warned you that you needed to lose 50 pounds, you wouldn’t declare victory when you dropped 5 lbs. after a month.  Unfortunately, that’s what’s happening with cybersecurity in the boardroom and C-suite.  At most organizations, there’s a lot of hard work ahead.

Now, before I come off as Chicken Little, the data also indicates that there are organizations going beyond the basics.  These firms have made significant progress with cybersecurity as an essential component of business mission, culture, and strategy.  Furthermore, some organizations have reaped benefits like stronger security efficacy/efficiency, greater ROI on cybersecurity investments, and improved business flexibility.  What’s their secret?  More on that soon.

Also Read: Deemed Consent PDPA: How Do Businesses Comply?

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us