Cyber risk management: Top responsibilities of C-level employees this year
The risk landscape in 2018 is changing the way executives look at cyber risk management in their organisations. Here are seven tips on how C-level employees can effectively manage cyber risks in their organisations this year.
Although most companies have invested in IT security solutions to protect their networks and data, these tend to focus on mitigating the most common threats like viruses and malware and fall short of addressing more sinister risks such as fraud, identity theft and espionage.
These are damaging threats that can put a company’s reputation and business continuity at risk and can have serious financial implications. It is only when IT security-related risks are considered as business risks that the relevance of addressing them with proactive, strategic and appropriate solutions really becomes apparent – and this has to come from the top.
“Cyber risks should be treated as business risks and should form part of a company’s overall risk management strategy. This has to be a top-down drive; from C-level employees, for whom the cost of a breach or leak is highest, to everyone else in the organisation that has access to information systems,” says Charl Ueckermann, CEO at AVeS Cyber Security.
Cybercrime is burgeoning rapidly, not only in volume but sophistication as well; while 70% of threats faced by enterprises are known, 30% are unknown, advanced threats that traditional signature-based security technologies alone cannot tackle.1
Cybercriminals are also becoming far more discerning and are targeting their attacks. Though more targeted, they often employ basic methods to implement their attacks. These methods can include social engineering, stealing of employee credentials, imitating legitimate software or even using malware covered by a stolen certificate to infiltrate systems. Ransomware, a type of malware that encrypts data and either prevents or limits users from accessing their systems, is typically targeted at C-level employees as well as departments dealing with sensitive information, such as accounts and human resource departments. These types of advanced, targeted cyber incidents are becoming more prevalent – even in South Africa.
The Next-Gen CIO’s Responsibilities
People, Process, Technology: Taking the Lead from Governance Thinking
“People, process and technology must be integrated. Start with the people first; get the right people in place across the business. For example, bring marketing and HR into the equation, consider their KPIs and work with the IT manager to ensure that there is cross-functional collaboration. For this, CIOs need to be good communicators, have good management skills and be able to inspire, which perhaps weren’t much needed by the solutions-provisioning CIO of the past.
With increased collaboration come additional risks to the business.
“Risk mitigation requires that the CIO, who is encouraging greater collaboration and integration, has governance competencies and good governance measures in place; Calculated, managed changes can then be taken within the governance framework,” says Ueckermann.
Innovating with the Future in Mind: A new skillset
In Gartner’s annual global survey of CIOs, the 2018 Gartner CIO Agenda Survey, 95 per cent of CIOs indicated that they expect their jobs to change or be remixed due to digitalisation. Furthermore, the majority of CIOs surveyed said that technology trends, specifically cyber security and artificial intelligence would change the way in which they do their jobs in the near future.1
Ueckermann agrees to say that CIOs will have to develop a sound understanding of technologies such as artificial intelligence, IoT, robotics, the cloud, advanced analytics and of course, cyber security.
Building Ecosystems of Partnerships
“It is almost impossible to be an expert in all of these. However, the modern CIO should be able to work with partners who have implementation expertise, as well as be able to acquire the relevant skills and resources internally, use them effectively and drive digital transformation. Just as a collaboration between departments within the business has become crucial, so it is has become important for CIOs to collaborate externally with strategic partners. That’s why talent and resource management are also increasingly becoming core competencies for CIOs.”
Change: The Next-Gen CIO’s Ally
With these changes in responsibilities, operationally-focused CIOs could find themselves on the back foot if they are not open to change. They need to embrace and develop new skills sets to keep up with the changing demands of their role.
“Next-gen CIOs have to be adaptable to change, be proactive in their approach and have an appetite for experimenting with and be confident about, implementing diverse technologies to transform the business. Creative, out-of-the-box thinking has become more important within the role of the CIO.
It’s a particularly exciting time to be a CIO
Getting the Youth Involved: The Digital-Savvy Ones
“CIOs must be able to bring together teams of innovative thinkers and creative problem solvers to work together to make IT systems work. Hierarchies can no longer dictate who gets to collaborate. Be open to new ideas and get the youth involved to inspire out-of-the-box thinking; they are the tech-savvy ones,” says Ueckermann.
The Chief Innovation Officer: A Next-Gen Organisation’s Linchpin
He concludes saying that it’s a particularly exciting time to be a CIO.
“CIOs are being given a place at the executive boardroom table, and we are seeing them become trusted business advisors who are in a position to transform organisations and drive value with the use of exciting emerging technologies. They are at the pinnacle of driving innovation and change.”
- Gartner Survey. Retrieved from Gartner: https://www.gartner.com/en/newsroom/press-releases/2017-11-16-gartner-survey-highlights-the-developing-role-of-the-chief-information-officer-india