Cybersecurity should no longer be isolated to tech or IT teams. It needs to be a priority from the boardroom level down
There are many indications that 2021 was another challenging year for cybersecurity. Cyberattacks and data breaches are all on the up and it seems that cyber criminals are getting bolder with every breach. The continuing fallout from COVID-19 leaves many organizations struggling to keep their defenses up in the face of a remote, disparate workforce. Dynamic data centers, distributed workloads, vulnerable endpoints and a complex application landscape make up massively interconnected attack surfaces that are increasingly vulnerable. With the beginning of a new year comes a new focus. My firm belief having been working in the industry for many years is that cybersecurity should no longer be isolated to tech or IT teams. It needs to be a priority from the boardroom level down. To date, CIOs and CISOs have been tasked with cybersecurity. However, given the impact any cybersecurity breach can have on a companies’ customers, brand, employees and its ecosystem, CEOs will need to get educated fast in the cybersecurity measures at their companies. Cybersecurity needs to be a topic on the agenda of any CEO/board conversation. It is no longer question of if a company will be exposed to a breach – it’s a matter of when and where and how you are geared up to respond. Almost a third of all reported data breach victims belong to organizations that operate the manufacturing or healthcare sectors. If you are responsible for cybersecurity of your company in these sectors, you need to act now before your attacker turns their attention to your organization. These two industries remain particularly attractive targets due to the prevalence of valuable personal information on the one hand, and a significant footprint of legacy systems on the other. Other industries are not immune, since attackers do not limit themselves to sector boundaries. No industry has been immune or will be immune from attacks. The messaging and education on endpoint security and phishing attacks has been largely taken up by businesses as a whole.