December - 2015 - issue > CIO Insights
"CIOs & Cyber - What the Boards Needs to Know"
Julie Cullivan, CIO, Fire Eye
'Are we vulnerable to a cyber attack?'
This question may be top of mind for today's Board member, but it's the wrong one to ask. The conversation really needs to begin with two questions - 'How can we decrease our risk of attack?' and 'What should we have in place to manage an attack if it occurs?'
This approach better suits the cyber security environment today, because as we see time & again, breaches will happen despite the best cyber security tools. Boards need to understand that it is simply a matter of time before an attacker gets into their network. With that, they must also recognize cyber security is now an enterprise security issue, and the CIO is often the person who needs to convince them. A breach can do serious damage to an enterprise's reputation, brand, and bottom line - the sooner everyone realizes the entire organization is at risk, the better.
Board members don't need to understand all of the technology behind the defenses; it's not about training them to become engineers. But CIOs and executive staff together need to help Boards understand that there are significant issues from a cyber perspective and that today's sophisticated attackers require enterprises to be proactive rather than reactive.
|
|
More articles from this issue
