A company executive is an ultimate prize for cybercriminals. Regardless of the industry you work in and how small or big your business is, you need to recognise that you or your organisation are a target. And as an executive in your organisation, cybersecurity is your responsibility.

Cybersecurity is all about understanding, managing, and mitigating the risk to your critical data. Here are the three major cyber risks that board members should know.

Whaling

Whaling is a cyberattack that uses a social engineering email to target a company's senior leaders, usually the C-level executives. For instance, a CEO may receive an email that appears to be from his CFO, who he knows is on vacation. The email may say, “About to board the plane, urgently need to pay Vendor X or critical shipment will be delayed. Can you send a wire transfer of $1M to the following account number?”

To prevent this, always be wary of unsolicited communication, particularly when it involves sensitive data or critical financial transactions. Additionally, exercise extra caution when publishing and sharing material on social media platforms. Cybercriminals can use information like birthdays, interests, holidays, jobs, promotions, etc., to create more convincing emails.

Ransomware

All organisations are at risk of ransomware attacks, whether they operate critical infrastructure such as gas pipelines or are smaller organisations like schools and department stores.

Ransomware is malicious software that blocks a user’s legitimate access to a computer or data until a ransom is paid. This is usually done by encrypting files with a secret key and then selling that key for ransom.

The most pressing question a board faces is: Should I pay the ransom? Mark Hughes, the president of Security for DXC Technology, suggests gaining as much leverage as possible and not paying the ransom.

The maxim "Prevention is better than the cure" should always be the board's top consideration. Most organisations remain unprepared for ransomware attacks. To help organisations, DXC has put together a Ransomware Defense Guide, which outlines measures to take to minimise the business impact before, during, and after a ransomware attack.

Disinformation

The growth of social media has accelerated the spread of disinformation, or "fake news," allowing hackers, states, activists, disgruntled employees, or competitors to gain an edge by sharing false information to mislead others.

Artificial intelligence technologies can be utilised to alter images, audio, or movies to create convincing deepfakes. The attacks are now so sophisticated that a false report of a CEO dying in a car accident might cause a significant decline in the company's market value. Recently, Elon Musk called off the acquisition of Twitter due to the presence of artificial bots that generate fake news through the platform.

In conclusion, cybersecurity risk is not just a technology issue; it is a business risk that affects the entire enterprise. Like all significant risks, cyber risk and cybersecurity require a culture that drives individual awareness and commitment.

 
