In November, a group of board directors hosted a dinner to discuss the threat of cyber attacks and the responsibility that the board must take to reduce risk. Art Coviello, former CEO of RSA Security, led the discussion, focusing on key themes and recommendations, and later shared them with the public. The common refrain coming from boardrooms, explains Coviello, is concern about cybersecurity paired with an absence of the knowledge needed to tackle the problem. “While it is important to know what types of hackers are likely to attack your organization and what methods they might use, you first need to understand why you are vulnerable in the first place.”
To summarize the dinner, Coviello gives his top five recommendations for boards of directors:
- Acquire a high level of understanding of how your organization uses technology and of its potential vulnerabilities.
- Ask for a comprehensive annual review of your security program.
- Have an independent audit conducted.
- Review the breach response plan.
- Bring experts onto the board.
Overall, Coviello stresses the importance of being preventative through an intelligence-driven approach, rather than taking a reactive “find a hole and plug it” approach.