Cyber RISK in the Boardroom
EXECUTIVE SUMMARY: THE DIRECTOR AS A CYBER RISK
The risk exposure of directors is a complex topic at many companies. Executives and non-executives in particular do not always have their digital hygiene in order. As a result, the boardroom presents a cyber risk to its own organization.
Your company through the eyes of a cybercriminal
Suppose that, as of today, you are a cybercriminal. Jacket off, hoodie on. What would be your quickest route to success? What is the easiest way to get into a company? Anyone who thinks this scenario through carefully might soon come to a shocking conclusion. The cybercriminal will end up in the boardroom surprisingly fast. After all, hackers prefer the path of least resistance, the place that has the least or ‘most flexible’ security. Strangely enough, that often is the board.
The boardroom as cyber risk
Directors often have access to your company’s most confidential information and wield great influence over strategic decisions and investments. When they share their thoughts, the organization listens, because of their merit and reputation. A director’s reputation is invaluable to their professional future. Unfortunately, that also makes them attractive targets for extortion. Moreover, your independent director may be an executive at another company. An attack on that company may quickly become your organization’s problem, thanks to one compromised director who advises both.
6 reasons why directors are an attractive target for cyber criminals:
• Directors have access to highly confidential corporate information – the higher ‘in rank’, the more sensitive the information, the higher its worth
• Directors often have mandates at multiple companies
• Directors often use their own (poorly to moderately secure) devices
• The average director has a lower digital maturity than the average desk employee
• Directors want to manage – that is their first (and sometimes only) focus
• For directors, ‘reputation’ is extremely important; this makes them vulnerable to extortion
Private is private - the dilemma of the CI(S)O
The Chief Information Officer (CIO) and Chief Information Security Officer (CISO) face a dilemma. They may have a solid understanding of the weakest link (read: the directors’ cyber risk in their private situation), but addressing it is difficult. The mandate of the CI(S)O does not extend to personal devices and accounts. On the one hand, there is the considerable demand for comfort and convenience to prevail over security. On the other hand, corporate security should not infringe on privacy. What directors do on their smartphones is not within any CxO’s purview.
Prevention as a solution
The CI(S)O will know better than anyone else that prevention is often the simplest solution. Directors need to be secured with all-in digital protection, not only within the corporate limits but, more importantly, outside of them. Fortunately, there are numerous ways to better protect the private digital domain. What this requires is a dose of common sense, dutiful digital hygiene, and expert support.
3 reasons why a CI(S)O should get started on personal cyber security for directors:
• Corporate security is as strong as the weakest link
• The private domain of directors is a direct risk to corporate security
• Of all directors, the CI(S)O has the best understanding of what the organization’s cyber security needs are
Cyberwolf, leadership secured.
Cyberwolf secures the personal digital lives of company leaders & family offices. As an independent party with a solution built to secure both the company and personal interests, we offer a way out of the convenience-privacy-security standoff. We’ve got your leaders’ digital backs, 24/7.
Written by Cyberwolf.