Every business executive should take the cyber threat seriously. The risk to corporate networks and intellectual property is growing at an alarming rate – just look at the constant news of successful cyber attacks against even the most sophisticated government and business infrastructures.

There’s no such thing as ‘cyber security’

But many executives still have a problem recognising that while cyber threats are fast-changing and often complex, the techniques needed to meet them are grounded in traditional security disciplines. Far too many executives still fail to realise that while technology is central, managing cyber threats is not just a technical issue.

In fact, a failure of technology is relatively unlikely to be the cause of a successful cyber attack. It’s much more likely that human error (clicking on an infected link, for example) or a malicious individual has allowed a hack to succeed.

This ‘people factor’ is a very significant issue in cyber threat management – what’s the point of Fort Knox if somebody leaves the keys in the lock? This gives credence to the argument that there is no such special discipline as ‘cyber security’, or ‘information security’ for that matter.

To manage cyber threats, we need a holistic security approach which deploys the full range of security techniques, processes and best practices. These will range from technology security to physical and personnel security, security awareness, business continuity, crisis management and so on. Technology is central to managing cyber threats. But executives can make a serious mistake if they simply leave cyber issues in the hands of technologists. A broader approach is crucial.

Apr-Jun 2015 Issue

Internet Security Alliance