Many of us would argue it should have been there all along, but cybersecurity just elbowed its way near the top of the corporate agenda – and not only because of recent high-profile security breaches at The New York Times, Facebook, Apple and even Microsoft.
Last month, President Obama energized the national dialogue by highlighting cybersecurity in his State of the Union address and by issuing an executive order that directs federal regulators to provide better cybersecurity for banking, telecommunications, energy and other industries.
While I’m thrilled the federal government is stepping up its efforts, we all know that regulators and legislators cannot resolve every vulnerability. As Michael Daniel, the President’s Cybersecurity Coordinator, makes clear, industry has a significant role to play in this area, as well.
What exactly can the C-suite do to help keep company accounts secure?
As a first step, Daniel urges CEOs to ask their teams these essential questions:
- How is our executive leadership informed about the current level and business impact of cyber risks to our company?
- What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
- How does our cybersecurity program apply industry standards and best practices?
- How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
- How comprehensive is our cyber incident response plan? How often is it tested? How are we continually making it better?
(See a more detailed discussion of cybersecurity risk management in this document provided by the US Department of Homeland Security.)
Now that marketing and technology are inextricably linked, it’s imperative for marketers and IT to begin sharing ownership of cybersecurity strategies and solutions. In today’s “enlightened enterprise,” CMOs need to build strong strategic partnerships with their counterpart CIOs – as well as with others across the organization – so that effective policies can be developed and implemented throughout the organization.
After all, it’s often a “one bad apple” syndrome – vulnerability anywhere in the system can set off a cascade of deleterious events . . . putting everyone at risk, whether you’re working at a desktop in the office of a Fortune 500 firm or checking reports from your smartphone while waiting at the airport.
(For more about preventing and reporting cyber attacks, check out this cybersecurity tip sheet from the US Department of Homeland Security. Additional information is available from the National Cybersecurity Alliance.)
As I see it, CMOs need to:
- Learn. Educate yourself and your team about cyber attacks.
- Collaborate. Tear down silos, communicate and collaborate across departments to develop enterprise-wide cybersecurity policies and governance.
- Inquire. Learn to ask the right questions. Update your systems. Hire the specialized talent you need to keep your internal networks secure.
- Remain vigilant. Cybersecurity is an ongoing and evolving issue. Stay attentive and involved.
To that last point, the Obama Administration is asking industry, academia, the advocacy community and all who are interested to contribute to the National Institute of Standards and Technology’s process to develop the Cybersecurity Framework. Visit NIST’s website to view NIST’s request for information (RFI) and to find out how you can participate.
Reposted from Forbes.