B Swaminathan |IMAWS
According to Forbes, at a recent audit committee meeting we were briefed by a ‘Big Four’ accounting firm on cyber-risk. They referenced a two-page notification from the Cybersecurity and Infrastructure Security Agency, sent to Directors on February 25, 2022 urging Corporate Directors to be mindful and prepared for cyber-risks during the evolving Ukraine crisis. It’s highly unusual for a government agency (CISA) to reach out directly to corporate board members. Additionally, on March 9th, 2022 the SEC issued a 129-page cyber regulation proposal.
Days are gone where the IT team needs time to convince their counterparts in finance, facilities and even the board the importance of security budgets. Post pandemic, where organization data is accessed by employees from various places, the top management of various organizations have started realizing the importance of investing in cyber security. “As a CIO, I feel our jobs have become easier. With the change in working culture among the organizations, and the awareness of cyber attacks had increased, leaders in most organizations had started understanding the importance of the data loss.”, says Umesh Mehta, President & CIO of PI Industries. Umesh is also the national president of the CIO Klub association, and feels that many of his CIO peers feel that the job of the IT department has become easier as top management is ready to listen to their views and deeper dialogues happen when it comes to data protection.
Echoing his views, Vijay Anand, Senior Vice President Global IT & IS, Corro Health says “Some of the leading researchers state that Indian organizations’ board members have a unique role in helping their organizations manage cybersecurity threats.
They do not have day to day management responsibility, but they do have oversight and fiduciary responsibility. Don’t leave any questions about critical vulnerabilities for tomorrow.” He also says. ”Asking the smart questions at your next board meeting might just prevent a breach from becoming a total disaster.Many cybersecurity problems occur because of human error”.
Changing responsibilities of a CISO:
According to research 88% of data breach incidents were caused by the mistake of the employees and external stakeholders. Understandably so, given virtually all companies are connected by the internet and most supply chains include small dealers’, distributors and manufacturers, the proposed regulations do not exclude companies based on size.
Srinivasan Mahalingam, Chief Information Security Officer (CISO)Chief Information Security Officer (CISO), C-Square Info Solutions, says that cybersecurity can no longer be the concern of just the IT, Infrastructure, and InfoSec department; it needs to 
be everyone’s responsibilities — including the board members. CISOs should provide board members with information that can help them make the best decisions around GRC and leadership with the intelligence to make ideal decisions. “Cybersecurity is about more than protecting data. To communicate the value of cybersecurity to boards members creating a dialogue to engage leadership and build trust making the story telling and scenarios to make it practice. The new business model CISOs should help board members to create a mentality that cyber security is everywhere. Also, to explain how the cyber-Security team is collaborating with Internal employees/External parties of the industry. CISOs should use metrics to quantify risks and connect it back to the business.”
Days ahead:
In the coming days, experts predict more prominence would be given for cyber security among the top management. The value and significance of information security in enterprises make this a top priority since it protects both the company’s essential business integrity and its customers. No matter how good the information security team and systems are, without strong support from senior management, even the best information security processes can fail. 
“The CEO/CFO and other senior management team members must actively participate in the decision-making process given the stakes involved and the difficult choices that must be made in order to become cyber resilient. Protecting the assets that are valuable to your business is what cybersecurity is all about, so it should be ingrained in everything you do.”, says Sugeesh Subrahmanian, Associate Director – IT Services & Cloud Infrastructure Services Speridian Technologies.
Sonicwall’s commitment for a complete protection:
Debasish Mukherjee, Vice President, Asia pacific and Japan at SonicWall, says, “ At SonicWall, we believe that organizations need to secure their public/private cloud, applications, users, and data with a deep level of protection that won’t compromise network performance. Solutions need to tightly integrate security, management, analytics, and real-time threat intelligence across the company’s portfolio of network, wireless, email, mobile, web, and cloud security products.”
“Today, mobile platforms, remote work, and other shifts increasingly hinge on high-speed access to ubiquitous and large data sets, exacerbating the likelihood of a breach. With the greater importance of the cloud, enterprises are increasingly responsible for storing, managing, and protecting these data3 and for meeting the challenges of explosive data volumes.”, Debasish concluded.
CISO Will Be Business Enabler
Cybersecurity investments must be meaningful, have executive support up to and including the board, and be tightly aligned with business goals. In order to keep our organizations, our employees, our customers’ data and our most valuable digital assets secure, we must rethink the way we all talk about cybersecurity. That’s because without the right conversations, CISOs, CEOs, and board members will struggle to find the optimal spending levels that straddle the line between fiscal responsibility and optimizing security as a business enabler.
THIS ARTICLE IS POWERED BY
