• Home
  • Blog
  • 5 Cybersecurity Questions Boards Should Contemplate
5 Cybersecurity Questions Boards Should Take Into Account

5 Cybersecurity Questions Boards Should Contemplate

Dec 20, 2022 / Kron

Due to the today's rapid expansion of digitalization and remote working models today, organizations have started to experience an increase in security breaches. Moreover, while preventing cyber-attacks was the task of the network security teams, now the boards of directors are considered as the guardian of corporate data and is held responsible for it.

For this reason, boards of directors should not only put cyber security on their agenda, but also periodically implement cyber security strategies in coordination with corporate leadership. This raises that question in many organizations: What steps can (or should) the board take to protect the company, as well as to minimize damage in the event of a breach?

Deloitte's report, “The Changing Role of the Board in Cybersecurity,” addresses such questions and highlights the importance of a top-down approach in developing organizations that are safer and more resilient. We have compiled five questions for you that companies and boards can consider to develop a more robust attitude in terms of cybersecurity, due to the increase in potential attack surfaces in distributed and remote environments.

  1. Is there a holistic approach to addressing cyberspace issues? 

    Analysis of cyber attacks reveals that it is not only technology breaches that lead to security incidents, but also the abuse of rightminded employees who are not properly prepared for attacks. A holistic approach to cybersecurity requires the active participation of some parties, in addition to the use of appropriate technologies and controls. This includes making every individual in the organization responsible for cyber security and ensuring that they have basic awareness and response techniques for threats.

  2. What are the “precious metals” we need to protect? Do boards review them and make necessary changes? 

    There will always be loopholes in cybersecurity controls as organizations operate in a digital world and threats from adversaries evolve. Therefore, companies need to identify some key assets or “precious metals” and classify them according to their significance. These classifications affect the organization's cyber strategy and help boards evaluate risks that are acceptable, mitigable, or transferable.

  3. Are cyber risk responsibilities well defined at board or management level? Has a strong emergency plan been developed to deal with a cyber breach and the changing risk environment? 

    The development of cyber risks requires interest and attention at many levels, from board and senior management to internal audit, risk management and cyber teams. While the board is responsible for ensuring that cyber strategies are formed and then implemented by leaders, companies need to provide feedback to their boards on the results of these strategies. In addition, it is important for boards to follow the agenda on changing cyber security models. For instance, it may be advantageous to switch from the inadequate castle-and-moat approach to safer methods, such as the more effective zero-trust model. This enables companies to deal with more complex attacks and make informed decisions in real time.

  4. Is there a strategy to follow for identifying the various cybersecurity capabilities and hiring those who have them?

    Updates and changes in the regulatory, legal and compliance environment, and business processes have also increased the skills modern cyber teams must have. There is a serious workforce deficit in cybersecurity. An (ISC)2  study  conducted in 2020 estimated over 3 million open positions. It does not seem possible for organizations to close such a large gap automatically or using outsourcing. In this case, they need to form a multi-faceted cyber culture that will attract and retain professionals. Boards can actively embrace and support a more cohesive effort to recruit people with various talents, thereby benefiting from their unique perspectives.

  5. Has management considered risk in its cyber strategy with third parties, including outsourced IT, cloud service providers, and other partners? 

    As cyber threats become more complex and common, it is of great benefit to businesses to have proactive security mechanisms across the entire organizational ecosystem, including business partners, contractors, and other suppliers, and to ensure that these third parties have a cybersecurity system at an appropriate level.

Organizations that adopt and implement a proactive and top-down cybersecurity approach can reduce risk and gain competitive advantage. Preparing a successful cybersecurity culture is one of the top priorities of boards today. Now, thanks to robust cyber monitoring, companies can foresee innovations and the scenarios that await them, and act confidently in this direction.

Reference: Deloitte

Highlights

Enhancing Cybersecurity with AI-Powered Privileged Access Management

Enhancing Cybersecurity with AI-Powered Privileged Access Management

Mar 20, 2024
Reducing Cyber Insurance Costs with Kron PAM: A Smart Move for Businesses

Reducing Cyber Insurance Costs with Kron PAM: A Smart Move for Businesses

Apr 18, 2024
Unlocking Efficiency: The Strategic Advantages of SaaS PAM in Business

Unlocking Efficiency: The Strategic Advantages of SaaS PAM in Business

May 06, 2024
UK’s Telecommunications Security Act (TSA) Code of Practice

UK’s Telecommunications Security Act (TSA) Code of Practice

May 09, 2024
Exploring PAM Deployment Options and Choosing Between SaaS and On-Premise Solutions

Exploring PAM Deployment Options and Choosing Between SaaS and On-Premise Solutions

May 16, 2024
Elevating Privileged Access Management with Kron PAM and Microsoft Entra ID Integration

Elevating Privileged Access Management with Kron PAM and Microsoft Entra ID Integration

May 23, 2024
Enhancing Security with Kron PAM's Multitenancy: A Game-Changer for Large Organizations

Enhancing Security with Kron PAM's Multitenancy: A Game-Changer for Large Organizations

Jun 10, 2024
Safeguarding Your Business from Misuse of AI with Kron PAM

Safeguarding Your Business from Misuse of AI with Kron PAM

Jun 24, 2024

Other Blogs

Blog
What is Information Security (InfoSec)?

What is Information Security (InfoSec)?

Aug 16, 2022 Read More

Blog
Privileged Access Management in Cloud Security

Privileged Access Management in Cloud Security

Apr 11, 2021 Read More

Blog
Enhancing Security with Kron PAM's Multitenancy: A Game-Changer for Large Organizations

Enhancing Security with Kron PAM's Multitenancy: A Game-Changer for Large Organizations

Jun 10, 2024 Read More

Blog
A New Level of Granularity for Access Management: Privileged Task Automation

A New Level of Granularity for Access Management: Privileged Task Automation

Sep 14, 2018 Read More

Blog
UK’s Telecommunications Security Act (TSA) Code of Practice

UK’s Telecommunications Security Act (TSA) Code of Practice

May 09, 2024 Read More

Blog
Unveiling the Crucial Role of Privileged Access Security and Governance in NIS2 Compliance

Unveiling the Crucial Role of Privileged Access Security and Governance in NIS2 Compliance

Mar 14, 2024 Read More

Contact Us

Contact us to learn more about Kron Technologies' telecom and cybersecurity products.