How can CIOs deal with the cyber threat?

Few people know more about the potential challenges a business can encounter with regards to the fast-emerging technologies used to exploit weaknesses in security defences than Claire Davies MBE.

As a former Security Consultant with the British Forces, Davies has operated as a senior investigator and boasts a hugely impressive strategic background in intelligence management. Such experience gives her a clear awareness of security concerns and she has strong advice for CIOs aiming to deal with the online threat environment. “It reaches across borders, is anonymous and the technology that underpins the threat continues to develop. There is a huge need for business executives to understand security and CIOs must create an intelligence-led approach.”

 

Davies suggests the online threat represents a fifth battle space in regards to incident management. Traditional warfare took place on land, before moving to the sea and the skies. Intercontinental satellites controlling missiles provided the context for a fourth generation set in space. The current battle space is cyber in nature and involves the heightened risk of terrorism via electronic and online means, says Davies.

“The fifth generation represents something different, because portions of cyberspace can be turned on and off cheaply and quickly,” she says. “The physical barriers to entry are very low and there are threats from all potential angles.” Such angles cover a broad spectrum of threats, from kiddie scripters working covertly in their bedrooms, to organised gangs of cyber criminals operating across national borders and on to anti-competitive practices where organisations steal rival firms' blueprints. The acts themselves are often politically motivated and are becoming increasingly sophisticated.

 

High-profile examples of cyber threats continue to make the news, including hacker collective Anonymous' distributed denial-of-service attack on Sony and suggestions that the FBI is investigating claims that hackers in China have breached the email accounts of American officials. Davies says:

 

“The onus is on senior IT executives to help ensure the business is as ready as it can be. As the cyber threat increases, security professionals need to be intimately aware of the risk to business intelligence,” she says. “You might not know the specific details, but you’ll be better prepared if you act as if the security threat is coming.”

 

Complacency is simply not an option, due to the confluence of rising bandwidth and the year-on-year rise in digital information. A large amount of effort seems to be concentrated on preventing the theft of the type of data that could have considerable financial implications. But addressing the legal consequences of information loss is also crucial, particularly with regards to the possible breaching of the Data Protection Act. And IT leaders, says Davies, must additionally consider the potential ramifications of a data breach upon the external reputation of the wider organisation.

 

“Maintaining integrity is absolutely crucial,” she says, referring to her work with the British Forces and possible models that CIOs can use to develop an intelligence-led security cycle. The cycle draws on a step-by-step approach to the refinement and development of information security and should include core elements, such as education programmes, regular meetings with internal customers, issue detection methods and security protection techniques.

 

Davies says: “CIOs and their security colleagues must carefully investigate particular threats, exploit information emerging from such analysis and then work to create a strategy that helps the business deal with the ever-changing threat environment.”

 

“Your security approach must be multi-layered and diverse, and the secure systems you put in place must be simple and easy enough for those across the organisation to understand but complex enough to deter even the most determined perpetrator.”
