What about the privacy of your company’s most vital information?
On Tuesday 9th August, Australians were urged to ‘get online’ to complete the country’s first-ever large-scale digital Census. But in another first, the Australian Bureau of Statistics (ABS) also announced that this time it would be collecting and retaining the names and addresses of every person in Australia until 2020 – for four years as opposed to the previous standard of 18 months.
Subsequently, personal privacy concerns were on the minds of many, including those who argued that the Census would remove anonymity in the process. Politicians including Nick Xenophon spoke out in opposition and a social media campaign to boycott the Census started to gain traction.
But the concerns expressed weren’t just about personal data privacy and retention; they also highlighted awareness of the growing number of cybersecurity threats facing the general public. What level of protection was being provided for the data? What would happen if the personal information of the entire country were to be breached?
Ever since the Census website crashed on the very night the survey started, it has been impossible to avoid the media storm and the hashtag #censusfail. Was it a cyberattack? Was it poor planning? Inadequate security? What exactly went wrong?
Hitting so close to home, the topic undoubtedly worked to get people thinking about data security.
And what does this mean for businesses? We’ve all heard of the person who leaves their laptop containing sensitive data on the train, or the person who forwards an email to the wrong person or who inadvertently mislays important documents. In June of this year, two CDs containing the unencrypted medical records of almost the entire population of Denmark arrived at the Chinese embassy due to a postal error!
It’s clear that security in business has never been more important. Paper doesn’t cut it, human error happens all too easily, and even email and shared data servers can be infiltrated.
Debate and investigation around the issue continue, but the exercise should give a valuable signal to the industry: data privacy is on the minds of Australians. Privacy and security matter to them, and awareness is growing.
The correlation between increasing business concerns around data protection and cybersecurity industry growth is clear.
According to the latest figures from analyst firm Gartner, 2016’s worldwide security spend will be dominated by IT outsourcing and security consulting services to generate year-on-year growth of 7.9% and a spend of $81.6 billion.
And as recently reported in CSO.com, “…shortages of cyber security talent will ensure that spending on security remains focused on services such as managed detection and managed response services. Organisations that are more prone to nation-backed hackers and insider threats are finding it difficult to manage the right mix of people and technology to detect and remediate attacks, so they’re seeking outside help”.
In light of this, what should a CISO do to ensure they are effectively communicating the importance of security?
In an interview carried out at the Black Hat Conference in Las Vegas recently, Nuix CISO Chris Pogue offered the following advice to security managers:
- Learn how to communicate effectively with various Executives – learn the language a CFO needs to hear, and how it differs from what the Chairman or CEO needs to hear. Make sure your marketing team understands the reputational risks of inactivity, too. Show perspective by highlighting real-life examples of the business effect.
- Hire experienced CSOs or CISOs – make sure the Board understands that they need experienced people in the role.
- Hire a great team – “Hire the crazy, because you need them. Those are the ones who don’t think outside the box, they burn the box and stomp on the ashes. That’s what you want.”
Every day we are seeing new threats appear in the landscape, which are compounded by the risk of plain old human error. Both factors contribute to a growing need for stringent business security, something which poses both a challenge and an exciting opportunity for the enterprise software industry to tackle.
Diligent understands the importance of safeguarding confidential company data, and has designed a solution to protect against the risks of data breach. It is a secure platform designed to streamline board meeting management and to facilitate better board communications.