A new study by McAfee reveals that, in 2019, cybercrime was responsible for more than $1 trillion in losses worldwide, a 50% increase from 2018. And since the start of the pandemic alone, cybercrime incidents have jumped by 300%.
Yet, when boards of directors are asked about this topic, only one in five members consider cybersecurity a major issue.
To educate your board of directors about IT threats and get it to make cybersecurity a priority, read on.
While cyberattacks are often extremely costly (see sidebar), they also have hidden costs, such as opportunity costs, time and money spent on cybersecurity decision-making, the effect of downtime, loss of productivity, and damage to the company’s brand and image. All of these costs can be avoided if your board of directors makes cybersecurity a top priority. But it still needs to know what the main threats are.
Fraudsters obtain confidential data from employees by establishing a false sense of trust with them. They may pose as a co-worker who needs sensitive information or a technician who asks them to install software.
Scammers are able to lock out an employee’s device or encrypt its data. They demand a ransom for the data, which they threaten to destroy or make public if not paid.
In 2019, the names, addresses and demographic information of 80 million American households were revealed, along with thousands of Facebook passwords. These leaks of confidential data are not the work of a clever hacker. They’re often the result of human error, such as a database administrator inadvertently leaving your information on an unprotected cloud server, or the actions of a malicious employee. Remember that in June 2019, a Desjardins employee stole the personal information of 2.9 million members.
As cloud-based collaboration tools gain popularity, it’s imperative to manage the computing risks associated with them. A simple configuration error can lead to major security breaches. Gartner predicts that by 2025, 99% of cloud security failures will be the fault of cloud service users.
A distributed denial-of-service (DDoS) attack is a cyberattack launched from multiple computers simultaneously. Scammers take advantage of a network’s limitations to overwhelm an organization’s computer system with requests. As a result, the system, including the company’s website, becomes inoperable and no one can access it. Do you offer services or sell products online? If so, you’re a potential target.
The board of directors should also be aware of the significant operational, financial and business disruptions that a cyberattack can cause. What would be the impact of an extended outage or slowdown in operations? What would be the cost associated with the theft of your intellectual property or damage to your reputation? How much would you have to invest to relaunch your operations or regain the trust of customers whose data has been leaked? How would you deal with the litigation that is bound to arise?
The best way to deal with a crisis is to be prepared. Sound IT risk management is the responsibility of the board of directors, whose top priorities are to ensure that the company has a cybersecurity strategy that minimizes vulnerabilities and a robust contingency plan in the event of a cyberattack. It must also see to it that this plan complies with all Canadian regulations regarding privacy breaches and can be deployed quickly and effectively.
Did you know that your company is required to report and document all cybersecurity incidents? To learn more about Bill 64, read this article.
In addition, the board of directors must assign key individuals to implement the plan throughout the organization.
It should be noted that the greatest threat to cybersecurity is not necessarily the prowess of hackers. In the threats mentioned above, it’s often the human factor that causes problems: the ignorance of system users, an underestimation of computer risks, the lack of IT experts, the lack of knowledge of cloud tools, nonexistent policies governing technology use, negligence with updates, etc.
Therefore, it’s important to raise your employees’ awareness of cybersecurity threats and test your procedures within the organization. Training employees in cybersecurity best practices is essential, since they’re your first line of defence.
The Canadian Centre for Cyber Security has produced a guide to Baseline Cyber Security Controls for Small and Medium Organizations. Check it out; it’s a good starting point.
At PIXCELL, we firmly believe that the risk committee of every board of directors should have at least one person who understands cybersecurity issues in order to properly guide the company. This is because in today’s environment, where a cyberattack is more likely than ever, board members need to be prepared and make cybersecurity an organizational priority.
Gain a competitive advantage by surrounding yourself with a world-class team of IT security experts. Your strategic headhunting advisor in Montreal can help you recruit a board member with advanced cybersecurity knowledge, a chief information security officer or any other cybersecurity executive.