Cyber risks have taken center stage in the corporate world. It is estimated that more than 80 percent of organizations have now included cyber risk as one of the top five risks in their risk register. Cyber security has become a key concern for boards and executive leadership.
Recent surveys and research suggest that although visibility at the board level has increased, requisite organizational structures (to support cyber risk mitigation) are still lagging. I believe that is a result of a combination of factors:
1. Cyber security as a domain, being new, has no specific standard format to follow in terms of implementing structures and allocating responsibilities.
2. There is an inherent shortage of resources, and the problem is even more acute at senior levels.
3. Depth of cyber security knowledge is lacking at the board level.
The apparent disconnect and gap in trust need to be closed if the cyber threat is to be tackled effectively. Organizations must realize that, in order to have a mature cyber security posture, they need transformational leadership in their cyber security area.
An executive/manager in charge of cyber security in an organization has the unenviable task of influencing the board and the executive leadership group, as well as impacting the security culture across the organization. The cyber security leader does not necessarily need in-depth technical skills, but certainly needs dynamic leadership skills.
What are the skills required for cyber leadership? If you are a board member/executive manager looking to hire a security manager or you are a security manager looking to rise to the challenge, in addition to technical understanding of security, I recommend focusing on getting/developing the following skills:
Original blog sourced from ISACA Now Blog https://www.isaca.org/Knowledge-Center/Blog/default.aspx
By Ashutosh Kapse, Head of Cybersecurity, IOOF Holdings Australia
Email fraud is nothing new, but online criminals have become ever more effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.
No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?
Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.