Executive Briefings

You Can't Avoid Responsibility for Cyber Security Breaches for Long

Are top executives getting a pass on cyber security responsibility? Eric Anderholm, CEO of Sergeant Laboratories, a cyber security firm, believes so. He notes that when the CIO is asked what happened after a breach, the answer is usually, "We don't know." Anderholm notes that answer is often viewed as acceptable, particularly when the CEO is loath to admit that he or she wouldn't understand the clear answer.

You Can't Avoid Responsibility for Cyber Security Breaches for Long

Anderholm is convinced that corporate leaders won't be able to get a grip on cyber security until they start to view it as any other security. They certainly wouldn't accept "we don’t know who they are" if the breach were a physical intrusion. "When there's a breach most people don’t know how it happened, so it's easy to lay blame on some nefarious overseas government, but the breach usually occurs because the organization has weak security," Anderholm said.

When Anderholm visits with a new client, he is continually surprised by the lack of knowledge corporate leaders have about the status of their data. "They don't even know how many machines they have running," he said. "When we hear about 'an attack from overseas,' we’re skeptical. We believe it's their weak security, even though they always think it's someone else’s fault."

Read Full Article

Anderholm is convinced that corporate leaders won't be able to get a grip on cyber security until they start to view it as any other security. They certainly wouldn't accept "we don’t know who they are" if the breach were a physical intrusion. "When there's a breach most people don’t know how it happened, so it's easy to lay blame on some nefarious overseas government, but the breach usually occurs because the organization has weak security," Anderholm said.

When Anderholm visits with a new client, he is continually surprised by the lack of knowledge corporate leaders have about the status of their data. "They don't even know how many machines they have running," he said. "When we hear about 'an attack from overseas,' we’re skeptical. We believe it's their weak security, even though they always think it's someone else’s fault."

Read Full Article

You Can't Avoid Responsibility for Cyber Security Breaches for Long