72.1 F
San Diego
Monday, Jul 22, 2024

Panel Stresses Need, Necessity of Proactive Cybersecurity Measures to Meet Growing Threats

Cyber security concerns have advanced far beyond interruption of service and theft of consumer credit card information and should be a priority of corporate boards, according to members of a panel at the Corporate Directors Forum on Wednesday morning at the Hyatt Regency La Jolla.

Growing concerns include military-grade attacks on everything from theft of research and development information to supply chain information, pharmaceutical formulas and how to manufacture parts for “planes, trains and automobiles,” said Ronald Plesco Jr., who does cyber intelligence and investigations for KPMG LLP’s intelligence and analytics.

The estimated annual loss from security breaches for business in the United States is $100 billion, and U.S. financial services companies are planning on a total average annual loss of $23.6 million associated with security issues, Plesco said.

“On average, it takes 229 days for a corporation to figure out it’s been hacked,” Plesco said. “This is finally on the forefront.”

The panelist agreed that being hacked was a matter of when, not if, and that the risks are getting more severe.

“It’s an infinite treadmill. If you are better protected, they will go after someone else, your competition that is not as protected,” said Shaygan Kheradpir, CEO of Juniper Networks Inc.. “You have to continue to test and plug the holes.

“The business is pivoting into the egress issue more than the ingress issue. How do you limit the impact of the attack? If they want to get in really badly, they probably will.”

Panelists encouraged board members to ensure there is horizontal communication at their companies.

“Is the IT department communicating problems and actions to the board? Is the board communicating key information to the CIO? Your IT department may not understand you have an M&A issue going on and the added concerns from it,” said Andrew Serwin, a partner at Morrison & Foerster LLP, and part of its global privacy and data security practice group.

Firms of all sizes should be encrypting laptops, conducting tests for possible breaches and looking for “out of pattern” behaviors, Kheradpir said.

Directors also should know what the company network looks like — for example if staffers are bringing their own devices to work and plugging into the network.

The Internet of Things only increases risks as more devices track data and plug into corporate networks.

“You don’t want to hear of your Mom’s pacemaker being hacked or people getting company information from my Tesla car,” Kheradpir said.

The panelists agreed that their message sounded alarming, but it should be a wake-up call. According to Serwin, half of companies with revenues of more than $10 billion are not doing advanced cyber security testing.


Featured Articles


Related Articles