Cyber security starts at the top
When Gartner launched their annual Gartner 2019 CEO and Senior Business Executive Survey, it’s important to understand the top priorities and concerns among surveyed senior executives. After a significant fall last year, growth continues to top the list of CEO business priorities 2020. Apart from concerns about trade regulation and the general economic climate, CEOs are increasingly seeing the need for digital business in order to offer new products and revenue-producing channels, as a way to strengthen their growth. Eighty-two percent of respondents agreed that they had a management initiative or digital transformation program underway — up from 62 percent in 2018.
Lack of Digital Skills in the C-Level Team
For digital business to succeed, the whole executive team must be engaged. However, the survey results showed that CEOs are concerned about some executive roles not possessing strong or even relevant digital skills to meet future growth initiatives. On average, CEOs think that sales, risk, supply chain and HR officers are most in need of becoming more digital savvy.
Once all executive leaders are more comfortable with the digital sphere, the new capabilities needed to execute their business strategies will need to be developed. Rightfully, it’s the CEO that should raise concerns about the lack of digital skills in his/her leadership teams. However, from Check Point’s perspective, this might not only impede growth, but it could potentially introduce risk. If the company’s senior leaders lack required levels of knowledge to make serious technical and digital decisions, then how can they address cyber security issues in a relevant way?
With a leadership team consisting of highly non-technical executives on one side, and more digitally advanced executives on the other, this could increase the risk of miscommunication within the teams. Further, the impasse could lead to real roadblocks that prevent the implementation of a proper strategy that encompasses the right digital priorities, including cyber security.
Lack of understanding can hurt
A survey published by cloud-based controls provider ERP Maestro shows that, while 80 percent of security pros were greatly concerned about security, only 25 percent of C-level managers shared the same concern. When asked about cyber security strategy, 23 percent knew nothing about it.
With the worrying lack of digital and IT skills in the leadership team, it should not come as a shock that, following the massive security attack, Equifax’s former CSO was, in fact, a music composition graduate, with no security degree, according to NBC News. Equifax is one of those breaches that will always serve as an industry case study of the effects on a company of a lack of proper security, and if recent reports are true, it was a nation-state cyberattack.
To be able to outline and implement a comprehensive cyber security strategy, the C-level suite needs to be aligned and comprehend the full scope of this important task. The security awareness also must influence all important decision for the company.
Lead by example
But, another important point, which is often overlooked – C-level executives need to lead by example. This, unfortunately, has been shown to be tricky. A recent Dark Reading article – The Real Reason Why the C-Suite Isn’t Complying with Security – “revealed some interesting insights into how corporate leaders are seeing cybersecurity. The article cited survey results showing 57 percent of infosec professionals globally say key executives are least likely to comply with cybersecurity policies.”
Getting cybersecurity right at the C-level is becoming more paramount. How can you expect employees to trust the leadership team, adhere to their rules, or take security concerns seriously, if they are not?
Increasingly important to priorities cyber security
If this wasn’t enough, executives and members of the c-suite is a growing target for social engineering phishing attacks. This year’s Verizon Data Breach Investigations Report showed that social engineering threats that target the C-suite are up 12-fold in 2019 over 2018 levels. Frequently, the social engineering phishing attacks came in the form of emails that appeared to be from one C-level executive to another. And, since these high-level executives are rarely challenged over their actions in the near-term, they are growing as a target attack vector.
When it is becoming increasingly evident that cyberattacks are costing organizations millions of dollars in lost revenue due to damage to brand value and reputation as well as downtime, cyber security needs to be addressed and taken seriously in all aspects of the leadership team. According to IBM's latest annual Cost of a Data Breach study, the average data breach cost has increased with remarkable 12% over the past five years.
This might also increase as the severity of targeted ransomware attacks is increasing – as seen in 2019’s damaging attacks against U.S. city administrations. Criminals are choosing their ransomware targets carefully, with the aim of extorting the maximum revenue possible.
Make security a top priority
Cyber security needs to be addressed at all levels in the company. From Check Point’s perspective our advice to the C-suite is to prioritize at least the following areas:
Take a holistic approach to security and implement a proactive approach that includes preventative cyber security solutions. With an integrated architecture and centralized management, you can stop both known and unknown threats in real time.
Make cyber security a strategic priority in all business decisions.
Raise security awareness amongst all staff. To stop the fifth generation of advanced attacks, it’s crucial to keep track of current security trends and to take a comprehensive, “Secure Your Everything” approach to protect all attack areas – mobile, client, data center, cloud, network, and IoT systems. We, at Check Point, are fully focused on the future of IT security to keep you, your organization, and customers safe in 2020 and beyond.
To learn more about Check Point, click here.
Check Point will be in attendance at our CIO Event at Said Business School, Oxford University. To learn about this and other CIO events, click here.
 “US charges 4 members of Chinese military with Equifax hack,” by Evan Perez and Zachary Cohen, CNN, February 10, 2020