Boards of directors must take steps to make themselves aware of cyber threats and their organisations’ continuity plans, according to the panel at a recent cybersecurity seminar.
In the wake of the recent WannaCry attack, culpability was high on the agenda, and the four-person panel agreed that board members had to take responsibility for cybersecurity and understand the threats faced by organisations in the modern business landscape.
Responding to an audience question, Wayne Atkinson, group partner at Collas Crill, said that cybersecurity is a board-level concern: “Certainly for financial services companies, the regulator will say that the buck stops with the board; ignorance of an issue is not a defence. For those with less of a technical background the challenge is to cut through the jargon; boards don’t accept legal or accounting advice that is cloaked in jargon, for example, and they should put the same plain-English requirements to technology advisors.”
Sure’s digital champion Justin Bellinger agreed: “A board member doesn’t necessarily have to understand the technical facts underpinning an attack but they should understand the basics of how attacks work, what the business’ continuity plan is and the impact cyberattacks can have.”
The panel addressed a series of audience questions and concerns such as whether data regulation has gone too far, whether people are the weakest link in an organisation and what the top cyber threats are currently.
Colin Vaudin, the States of Guernsey’s chief information officer, spoke about what the government is doing in response to increased regulation and to protect islanders.
The governments of Guernsey and Jersey are in touch with the National Cyber Security Centre in the UK to share information and establish a partnership.
Mr Vaudin said: “We’d like to implore local companies to anonymously share information on cyberattacks as this will enable us, as an island, to be more prepared and have more knowledge on the types and frequency of attacks we face.”
The panel agreed that businesses should know their digital supply chains, be aware of where their digital data is being stored and familiarise themselves with the EU’s General Data Protection Regulation (GDPR), which comes into play in 2018.
Johan Dreyer, director of technical services at email security provider Mimecast, said: “You can’t protect against cyberattacks unless you do the basics really well; keep your software up-to-date, use supported systems and install the latest patches. You wouldn’t leave the doors unlocked on your house, so don’t do the same with your cybersecurity.”
The seminar was held at the Digital Greenhouse on Wednesday 14 June.