27 May 2022, 10:20
At the recent Board Risk Committee-hosted event, “Threat Briefing: Russia’s War on Ukraine – Actions Boards Should Consider,” Richard A. Clarke, an internationally known expert on cybersecurity, shared specific consequences coming out of the current situation in Ukraine and key actions board directors and the executive team should take to get out in front of risks — especially those that cannot even be imagined because they have never occurred before.
Clarke’s guidance is worth paying attention to — he was the first Cyber Czar for the US Government and author of the first National Strategy for Cybersecurity. As a government official for over 30 years, he served in senior positions in the White House (Special Assistant to the President), State Department (Assistant Secretary), and the Pentagon.
Clarke’s recommendations are based on the reality that history is full of examples of people discounting or ignoring the first occurrence of a threat simply because it has never been seen before, which makes it hard to imagine and makes its early signals easy to dismiss.
Boards and the senior executives they serve must be sensitive to the risk their own behaviors can create, and take the steps to overcome natural, human inaction when there is time to get ready.
Top among Clarke’s recommendations for boardroom and senior executive priorities:
• Ensuring all software is up-to-date
• Looking at the organisation’s cyber risk register frequently
• Engaging a managed security services provider (MSSP)
• Increasing the use of multi-factor authentication across the company’s network
• Reviewing backup plans, ensuring backups exist at multiple points and are done frequently
• Leveraging the organisation’s DNS to block external threats
• Switching system alerts from “monitor” to “active blocking”
• Deploying an externally sourced threat intelligence team to enhance internal resources
• Educating all employees – “when you see something, say something”
• Dusting off the incident response plan and practicing it
• Identifying and engaging the data experts throughout the organisation who are most likely to spot threats early
• Assigning accountability at the board level for horizon scanning
Managing the unimaginable threats that can bring down a business and harm stakeholders is a space for innovators to bring their special skills.
Posted by Amy J. Radin
Pathfinder, Catalyst, Change Maker