BDO’S GLOBAL CYBERSECURITY LEADERSHIP GROUP CALLS FOR BOARD LEVEL ENGAGEMENT TO PROTECT EMPLOYEES
16 May 2017 - For immediate release
The WannaCry globally-coordinated ransomware attack on 12 May 2017 puts the spotlight on the need for a change in organisations’ thinking about Cybersecurity.
The severity, nature and extent of cyber threats are so great that they can only really be addressed at Board level. Executive boards need to immerse themselves in the cyber issue and allocate sufficient resources to identify and ensure the effective management of cyber risks: a Board’s accountability includes the way organisations protect, detect, respond and recover.
Boards have to lift their organisations to the appropriate level of cyber resilience: this means going above and beyond employee behavioural change programmes and IT departments’ technical measures.
Brussels, 15 May 2017 – Last Friday’s attack originated in poorly protected workstations, showing that training employees is necessary but no longer sufficient. Cyber threats are more potent than most executive Boards recognise. Companies do invest in security technology - but discover all too soon that the technology is being persistently undermined by different attack methods.
Traditional information security methods are no longer enough to keep cybercriminals at bay. The severity, nature and extent of the threat have become so great that it should be addressed at executive Board level: here a strategic cyber threat model can be agreed – one that is based on a defence doctrine that takes the traditional ‘protect’ model one step further.
Shahryar Shaghaghi (USA), Head of International BDO Cybersecurity: “Ransomware presents a growing threat to every industry, but healthcare organisations are particularly vulnerable. Their digital transformation came late, and the simple reality is that many IT systems weren’t installed with cybersecurity in mind. Because many hospitals rely on end-of-life technology and may prioritise immediate data access over data security, cybercriminals have found their systems relatively easy to penetrate. Hospitals also don’t have the luxury of time: a ransomware infection that blocks access to critical medical data endangers patients’ health. In a scenario where patients’ lives are at stake, the only feasible option, paying the ransom or not, is an extremely tough dilemma.”
Ophir Zilbiger, Partner at BDO Israel’s Cybersecurity Centre adds: “In a secure environment, executive Boards allocate resources and provide management with the tools to identify cyber risks and apply appropriate mitigation. Cyber-responsible Boards do not just check policy but also oversee and verify the implementation of cybersecurity measures to ensure their effectiveness.” At BDO, our global cyber security leadership group offers several proprietary models for supporting organisations in developing and improving their resilience posture. From establishing compliance and building a proactive approach, through the ongoing development of capabilities and effective security risk management, we work with our clients to quickly attain higher levels of maturity and resilience.
Note to editors
Service provision within the international BDO network of independent member firms (‘the BDO network’) is coordinated by Brussels Worldwide Services BVBA, a limited liability company incorporated in Belgium.
Each of BDO International Limited (the governing entity of the BDO network), Brussels Worldwide Services BVBA and the member firms is a separate legal entity and has no liability for another such entity’s acts or omissions. Nothing in the arrangements or rules of the BDO network shall constitute or imply an agency relationship or a partnership between BDO International Limited, Brussels Worldwide Services BVBA and/or the member firms of the BDO network. BDO is the brand name for the BDO network and for each of the BDO member firms.
The fee income of the member firms in the BDO network, including the members of their exclusive alliances, was US$ 7.6 billion in 2016. These public accounting, tax and advisory firms provide professional services in 158 countries, with 67,700 people working out of 1,400 offices worldwide.