Founder of IT Governance and CEO at Vigilant Software speaks to Governance and Compliance about cybersecurity threats and how to navigate the landscape
What are the biggest threats and challenges currently facing IT governance?
Compliance and governance are becoming more and more high profile. When the GDPR was introduced, and consumers were receiving dozens or hundreds of panicked emails from businesses they’d shopped with asking to confirm they wanted to stay on the mailing list, that really placed the issue front and centre in public consciousness.
Ultimately this publicity is a good thing, but it does mean that organisations need to focus harder than ever before on transparency and on demonstrating to their stakeholders what they are doing from a governance perspective.
Then there’s the wider cyber threat landscape, where malicious actors are doing a frighteningly good job at scaling their attacks, recruiting others to join them and deploying intelligent malware. Too many businesses are still several steps behind, having conversations about password policy when the threats they are dealing with require a much more sophisticated, multi-faceted defensive strategy.
What techniques have organisations implemented to ensure there is a robust governance structure that covers all aspects of data protection and information security?
It’s all about understanding how technology and people work together to carry different aspects of data protection and information security.
By far the most successful technique used by cybercriminals is still social engineering, tricking people within the organisation into clicking on dodgy links, opening infected attachments or blindly handing over sensitive data.
Filtering and scanning technologies can help a great deal, but they need to go hand in hand with education and training to help people recognise the warning signs. And even then, you can never completely eradicate human error. It’s about having resilience built into your networks, ensuring that, if an incident does occur, you can ascertain exactly what’s happened and recover quickly.
What are some of the biggest changes you have seen in the board room?
Governance, compliance, information security, cyberthreats – these are all issues that have gone from being niche concerns of the IT or security team to genuine top-level management team priorities.
Where it gets really interesting for Vigilant is when those priorities shift from being about simply ticking off a checklist for the regulator or protecting against a particular threat type the CEO read about, to focusing on the governance of IT as a genuine business enabler. That is, using technology infrastructure to help businesses compete and perform at the highest level. That’s the holy grail for us.
How can organisations ensure they keep up to date with changing regulations?
It’s a no easy task. Organisations need to make sure there
are individuals with specific responsibilities for keeping track of
regulatory changes, and they need
a clear internal structure for reporting on those changes. Regulatory compliance should be an agenda item at every board meeting.
We’d also advocate a third-party role in this. The major advantage of a governance and compliance partner is not only that it’s their core job to keep on top of the regulatory landscape, but that they’re doing it for masses of different organisations. You get the advantage of scale and scope.
Looking ahead, what IT methods do you believe will be utilised in the future? Could the boardroom look very different in the years to come?
Artificial intelligence (AI) is getting a huge amount of noise at the moment. Venture capitalists are falling over themselves to get involved, thinking it will solve all problems. That’s probably over-optimistic, but there’s certainly a huge amount of potential there in terms of how to harness data intelligently and how to automate different aspects of security and compliance in a proactive way.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.