The string of damaging data breaches suffered by high-profile companies like Target, Sony Pictures, Home Depot and JP Morgan Chase have helped to elevate the issue of cybersecurity to the C-Suite and board levels. While the mechanics of identifying and remediating attacks may reside with the IT team, cybersecurity has become a company-wide effort that the leadership team must oversee.
With cybersecurity cast in this new light, CEOs need to consider three crucial questions: what must be done to provide security administrators with network visibility to manage both the internal and external security threat, what is the company’s incident response plan, and what will be done to minimize the damage done by the inevitable attack? And, in fact, many Fortune 500 enterprises are forming board cybersecurity subcommittees to answer these questions, translating the cybersecurity discussion into business terms that directors and the C-Suite can digest and act upon.
Another observation I had at RSA is that the cybersecurity discussion is changing. No longer are we talking about if we’ll be attacked and even when we will be attacked. Today, we know that it is very likely that the bad guys are already inside the network…
Original full article here: Cybersecurity lessons for the C-suite