IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Why cyber security risks should be on the agenda for company directors...
Thu, 4th Sep 2014
FYI, this story is more than a year old

Company directors need to be aware of the impact cyber security risks have on businesses and their stakeholders, and must become more educated about how to protect their organisations.

“While business leaders are starting to realise the risks cyber threats pose, all company directors need to ensure they have the right measures implemented," says Armando Dacal, regional director – Australia and New Zealand, Palo Alto Networks.

"Sandbox tools, for example, analyse unknown threats and are a great way to detect a wealth of new intelligence during the process.

“Each day security firms analyse hundreds of thousands of samples that result in the discovery of new malware, vulnerabilities, malicious URLs, or command-and-control servers. Business leaders need to be aware of this as attacks are often designed for a specific industry.”

Palo Alto Networks has identified three key steps for business leaders to include in their board meeting strategy and discussions on cyber security:

1. Establish a firm commitment from the board and executive staff to drive comprehensive cyber security education across the entire organisation.

This will ensure employees are aware and are being reminded of cyber risks and the impact cyber attacks can have on the company.

2. Carry out a network assessment and present the findings in a board meeting. The assessment will deliver complete visibility of all network traffic regardless of what port or protocol is in use, and whether that traffic is encrypted.

Presenting the information to the board will show them cyber concerns and whether any action needs to be taken.

3. Don’t give up on prevention. The board must be reminded of the importance of preventing and protecting against risks rather than just worrying about malware once it has attacked.

An organisation’s security strategy must evolve with a greater emphasis towards detection of advanced threats but not at the expense of the prevention strategy. Detection should be viewed as crucial ingredient for prevention.