CEOs in the here and now can ill afford to sit back and simply observe the threats facing their cyber security systems. These threats are born both of technological advancement and an unwillingness to bolster defences. In answer to the challenge, executives and company boards alike must first accept they have much to do if they’re to defend against the mounting threat. Cyber security is increasingly becoming an everyday concern – the issue demands that company executives take action and, in doing so, take responsibility for the wellbeing of their stakeholders.
Any response must take into account the fact that these attacks are ongoing, and will continue to evolve far into the future, which effectively means any solution must evolve with them. European CEO spoke to Harri Koponen, newly appointed CEO of SSH Communications Security, about the challenges facing executives in the current climate, and what they can do to educate their workforces about the importance of cyber security.
While a lot of companies still present cyber security as a solution to a problem, we believe that it should be viewed as a business enabler
How can organisations offset the rising threat of cyber breaches?
Organisations need to be aware that cyber breaches are no longer an anomaly, but more an everyday challenge. As companies become more and more dependent on their digital operations, attacks become more complex as well as more frequent. Cyber security needs to become a central part of a firm’s normal operating mode, something that must be taken care of in order to operate on a normal level.
A company CXO needs to be knowledgeable about what’s at stake. Cyber security is not just a question of inconvenience – it has serious repercussions in many ways: the cost of stolen data, fulfilling ever more demanding compliance issues, damage to brand reputation, and, above all, the effects on the organisation and its ability to perform. The more critical cyber security becomes within a company’s infrastructure, the more important it is that it works in a totally transparent, non-disruptive way – part of business as usual. The CXO has a central role in driving this balance: effective security, but not at any price. In fact, a well-designed and executed security strategy will actually become a competitive advantage for the company.
What are the best ways to get a CXO involved?
These issues need to be on the table at both the highest management level, as well as something that gets reported all the way to the boardroom. The top management must be interested in the issue and make sure it gets the proper attention it deserves within the organisation. The CXO needs to set an example, as well as drive the development and adoption of the necessary means. This means they need to be more aware of the issues they must tackle. SSH Communications Security has, in fact, even organised crash courses for CEOs to provide them with some basic education on cyber security.
What’s more, studies show that while policies, services and security products are central to successful cyber security, the real difference is made by attitude. That is, how well people understand and adhere to the policies, how capable they are of following protocol, and other such considerations. There needs to be a corporate culture in which cyber security is at the centre of the common operational mode. CXOs need to be at the vanguard of driving this behaviour, primarily by example. As the issue affects all levels of the organisation, the culture needs to be present throughout the company.
In your opinion, what should organisations focus on when undertaking a new security strategy?
Although the outer perimeter defences, such as next-generation firewalls, are and will remain critical, you need to consider what happens when the perimeter is breached. The bad guys can and will get on the inside, and it is therefore vital for companies to focus their attention on protecting the most critical information flow within their networks. As that flow is mainly admin traffic, as well as file transfers done under the guard of encryption, managing it demands very sophisticated tools and knowledge. So, the rule of thumb is to make sure your perimeter defences are functioning and then focus on protecting the nucleus of your information flow – the encrypted commands and file transfers that are critical to your business.
Can you tell us more about the business benefits of greater CXO involvement in cyber security?
The benefits of greater CXO involvement are many and varied, but above all it is a question of raising the company’s awareness and vigilance regarding the issues at hand. Commitment to uncompromised resolution, as well as a strong focus on the security of the most critical data, is essential. The final benefits lie in the gains to the company: the ability to make confident business decisions and run business in general on a non-disruptive platform. The benefits run all the way to share price increases. It really is an issue that needs the full attention of the both the CXO and all board members. When a company has this, it sets an example within the business at all operational levels.
At SSH, our focus on the flow of business as usual gives us a unique perspective on helping our customers (and CXOs in particular) tackle the issues of cyber security from a perspective most beneficial to their organisations. By turning the tables from limiting access to enabling it, from stopping people to making sure they get their work done as effectively as possible, we turn the focus on enabling companies rather than restricting them. We think that, as cyber security becomes a more central part of business processes, it needs to be rethought completely into a productive part of the process. The bottom line is that we worry about your security so you don’t need to – you can focus on your business.
What sets SSH Communications Security apart from other cyber security providers?
SSH is unique thanks to our long history, and our perspective on business as the inventors of the ubiquitous SSH protocol. What’s more, as well as being a 20-year participant in the development of the industry, we have a definite focus on turning cyber security into a productive part of corporate infrastructure instead of a hindrance This makes us a valuable partner rather than just a supplier.
We understand the overall view of business, and design our solutions so that they enhance our customers’ ability to focus on their actual businesses and their ability to succeed. While a lot of companies still present cyber security as a solution to a problem, we believe that it should be viewed as a business enabler – with the right solutions in place you can actually focus on your business without hindrance and fear.