Business leaders: no more excuses for poor cyber security

It goes without saying that business leaders are responsible for the direction their organisations take in their journeys. While there is a long list of responsibilities that come with this level of leadership, cyber safety and security have become one of the lighthouses that C-suite executives see through the fog but, for whatever reason, are having trouble heading toward.

No matter the socioeconomic climate of the world, IT spending is still prevalent for companies. And with the ever-increasing reliance on technology, it is more important than ever for C-suite level executives to prioritise the safety measures that keep their sensitive data protected from cyber threats.?

We know that poor cyber security can have devastating consequences, including financial losses, reputational damage, and data theft. Though it may sound harsh, it has to be said – there is no excuse for leaders not to take the necessary steps to secure their networks.

A quick refresher on today's cyber security threats

Malicious entities (including threat actors) occupy a borderless territory within the business landscape. This layer exists over the top of companies and their information systems, with cyber security solutions serving as the barriers that keep both layers as separate as possible.

Cyber security risks we are forced to deal with today include:

·??????Malware – malicious software that is designed to undermine critical infrastructures and solutions.

·??????Phishing – a form of social engineering where threat actors attempt to gain access to data by tricking recipients of fraudulent messages into disclosing sensitive information.

·??????Rootkits – malicious software that offers cybercriminals administrative powers over a compromised computer.?

·??????Ransomware – malware that encrypts a user’s data and expects a ransom payment from the victim in order to decrypt the data.

·??????Internal threats – malicious actions (both intentional and unintentional) carried out by employees that threaten the technological safety of the organisation.

Realistically speaking, the above list is only a snapshot of what the cyber threat landscape is really capable of. After all, in a game of chess, you're never truly going to know your opponent's move until they make it.?

But the point is this – business leaders are aware of the types of threat actors and risks out there. By this stage of the game, cyber security negligence is grossly unacceptable. As C-suite executives and company leaders, we need to do better.

The ignorance-is-bliss mentality

No one can deny that people who work at the C-suite level have a lot on their plates. We have chief executive officers (CEOs) burning the midnight oil to ensure that strategies are in line with company goals; chief technology officers (CTOs) are managing IT environments... and so forth.

But role descriptions and titles on a resume do not serve as excuses for ignoring cyber threat actors. Reportedly, 26% of IT workers say that among C-suite executives, there is "a lack of willingness to try and understand cybersecurity ... [along with] a simple refusal to want to understand", though only 20% of technology professionals say it is the latter reason. There is some merit to this. Approximately 1 in 5 businesses considered cyber security a non-priority in the last 3 years – a statistic that can make any employee and customer apprehensive.?

This isn't to say that all business leaders are overlooking cyber-attacks and threat actors. After all, companies are still expected to spend billions of dollars on cyber security. But it’s important to remember that IT security is not a one-time expense nor an issue your business is immune to.

The media is filled with stories of cybercriminals exploiting system weaknesses to steal data. Every incident that occurs shuts down the ignorance-is-bless mentality, increasing the need for business leaders to take up the mantle of cyber security leaders within their organisations.

Communication first, technological advancements second

In today's business landscape, it can be challenging to stay connected with our colleagues. Whether it's due to remote work or schedules that leave little time for after-work drinks, a disconnect among members of the C-suite impacts the productivity of the organisation. In the cyber security space, a lack of communication is contributing to lax attitudes toward safeguarding company networks from actors with malicious intent.

For example, 21% of chief information security officers (CISOs) say their companies' "CEO [is] among the three positions with whom they have the least contact". The former oversees the business's cyber security solutions, making sure they are in line with company goals and objectives. The latter is less IT-centric, focused on holding the organisation and its values together.

While every member of the C-suite should be staying abreast of cyber security trends, there is an argument to be made that technology-based C-suite members ought to have more knowledge of cyber safety measures, from specific tools to strategies for responding to data breaches. That view could be an article in and of itself, but to stop us from going off the rails, let's stick with the assumption that C-suite IT positions are the primary drivers of cyber security within an organisation.?

In this case, senior technology professionals would be well aware of the advancements in the IT landscape. They would know how cyber security solutions are being upgraded, the latest threats (from new phishing emails to malware), and how to better protect their organisation from these dangers. With clearer communication, they could work with other members of the C-suite – individual leaders that guide their own departments – to ensure that cyber security is a top priority for the company.

Employee see, employee do, always?

Business 101: employees are loyal to employers that lead by example. C-suite executives that provide clear and concise directions, along with following their own advice regarding processes, demonstrate the desired qualities of a leader. As such, when our team members see us taking steps to protect our systems and data, they are more likely to emulate our actions.

Generally speaking, people turn to their leaders for various reasons:

·??????Direction (and purpose) – they want to feel reassured knowing their efforts will contribute to the company and provide them with financial and job security. Business leaders voice company objectives and make sure everyone is aware of them.

·??????Trust – employees want to know that their leaders are taking the time to understand their individual needs and safeguarding them.

·??????Healthy values – staff want to feel reassured that their leaders are interested in enabling positive values and conducting their work according to ethical and legal standards.

·??????Knowledge sharing – personal growth is essential in business. Our team members look to us for our expertise, and we ought to be willing to share it with them for the benefit of their careers.

·??????Support – work environments can be overwhelming, particularly for staff members who may have recently joined the workforce and are trying to navigate the chaos. Business leaders should serve as the anchor that keeps everyone grounded, strong individuals that people can turn to for guidance.?

We must take these reasons and implement them into our cyber security solutions and practices. Organisations are single entities where decisions at the top directly impact everyone and everything at each level. If C-suite executives are quick to axe a product because it is not benefiting the business, then there is no excuse for not investing in security solutions that can protect the organisation from cyber-attacks and threat actors.

Our IT infrastructures store our data. They keep our procedures operational and maintain the lifespan of our businesses. They can serve as the skeletons that hold our organisations upright; failing to protect them reflects poorly on everyone. But when your job description places you as the face of the business, you are expected to bear the brunt of the criticism regarding security oversights – and anyone who finds themselves in this position best believe that the oncoming wave will be more than a ripple.

C-suite communication: the world's easiest language to learn

C-suite executives across every nation, state, and industry must foster strong communication channels with each other for the betterment of their employees. When business leaders are communicating effectively, cyber security solutions can be enabled faster, and threat actors will have a tougher time keeping up.??

Here's how leaders and executives can improve their communication with each other:

·??????Listen – snap decisions and a lack of understanding create silos. We need to listen to empathise with other perspectives.

·??????Always ask questions – 'what', 'why', and 'how' will help us better understand problems and find solutions.

·??????Be clear – don't use jargon, and explain your views. Plain and simple.

·??????Be intuitive and adapt – we should always respect each other's differences, whether they relate to our backgrounds, personalities, etc. It can be a good idea to determine another person's business personality to tweak how you communicate with them for more fruitful results.

·??????Stick with irrefutable facts – in a field like cyber security, people only respond to data. When executives communicate with each other on digital security, we need to come with facts and figures that highlight the realities of cyber security.?

The corporate cyber security fish stinks at the head

The time for excuses is long gone. Company leaders need to demonstrate actions that mitigate security risks. Once they do this, their employees are sure to follow, resulting in an institution that has a better chance of successfully combatting threat actors.?

Can we all agree with this?