{"id":5661,"date":"2024-10-08T09:00:00","date_gmt":"2024-10-08T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/it-systems-being-attacked-prepared"},"modified":"2024-10-08T09:00:00","modified_gmt":"2024-10-08T14:00:00","slug":"your-it-systems-are-being-attacked-are-you-prepared","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/08\/your-it-systems-are-being-attacked-are-you-prepared\/","title":{"rendered":"Your IT Systems Are Being Attacked. Are You Prepared?"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

COMMENTARY<\/span><\/span><\/p>\n

This summer, a <\/span>cyberattack disrupted the normal operations of thousands of auto dealerships<\/a><\/span> across the United States, affecting everything from records to scheduling, causing no end to annoyances and leaving hordes of exasperated salespeople and customers at their wits’ end.<\/span><\/p>\n

The most recent and dramatic example of hacker success illustrates that IT security must become the first priority at the highest levels of an organization. This modern-day plague shows no sign of subsiding. With each successful attack, hackers become even more emboldened. <\/span><\/p>\n

It’s an all-out assault, requiring the corporate equivalent of an all-points bulletin. In short, cybersecurity is not just an IT issue; it’s a critical business risk that requires active involvement from the entire C-suite, in particular, the CEO. This is one area of the enterprise that may benefit from micromanagement in an effort to display the importance of the pursuit.<\/span><\/p>\n

My colleagues and I regularly advise our clients that they should be asking three questions of their team: What are we doing? Is it enough? How do we know?<\/span><\/p>\n

Effective cybersecurity requires the right balance of spending and technology value, continuous assessment, and the adoption of advanced technologies such as automation and artificial intelligence. Few regret wise investments in cybersecurity defenses.<\/span><\/p>\n

The increasing frequency and sophistication of cyberattacks underscore the seriousness for executive-level engagement in cybersecurity. Recent incidents, such as the <\/span>SEC’s $10 million fine on the New York Stock Exchange’s parent company<\/a><\/span> and the notorious <\/span>SolarWinds action<\/a><\/span>, illustrate the severe impact on business operations and regulatory compliance. These events highlight the necessity for CEOs to recognize their critical role in cybersecurity. <\/span><\/p>\n

Ascension Healthcare’s ransomware attack<\/a><\/span>, among other prime examples, serves as an object lesson in the urgency of the matter, especially in healthcare. Doctors and pharmacies struggled with order and prescription issues, leading to lost revenue as patients sought services elsewhere, and virtually bringing the massive hospital system to its figurative knees, causing tremendous frustration among staff and patients. This situation underscored the need for technologists to understand business operations and implement security measures that support the business. <\/span><\/p>\n

CEOs must understand that cybersecurity is central to their management duties and not just “tech stuff” to be delegated. They need to receive business-outcome-focused reporting with the same level of rigor as financial and safety reporting. This reporting should answer the above three questions using system-generated metrics and integrate results into business decisions to stay ahead of the increasingly destructive capabilities of adversaries conspiring to do them harm.<\/span><\/p>\n

CEOs set the organizational tone and ultimately are responsible for cybersecurity. Their endorsement of security measures can drive home their importance, ensure alignment with business goals across the senior leadership team, and communicate capabilities to their boards. The following steps are essential for CEOs to prioritize cybersecurity:<\/span><\/p>\n

\n