“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” Stéphane Nappo, Chief Information Security Officer, Société Générale

Discuss the importance of attention to Cyber Security in all areas of the company, including the weakest link (the human). What is the role of top management in preparing a company for a Cyber attack? Use Siemens as an example.
Top management plays a crucial role when it comes to cyberattacks and preparing the organization for them. The four important actions taken by senior managers include active involvement in strategic planning and decision making by providing input on the risks involved in case of any loss of IP (intellectual property), customer data loss, business operation disruption, etc.; ensuring that cyber security considerations are incorporated for all products and services, and also ensuring that they are addressed at the functional level for human resources and in any procurement decisions; disclosing the cyber security priorities in the organization’s public affairs agenda; making sure to change user behavior, for example, forwarding of any company-related confidential document to personal email; timely communication to employees on the protection of critical information assets; having policies and controls in place for effective governance; reporting out cyber security program updates from time to time, etc.

For example, Siemens Energy (ACME Power) determined opportunities to detect any cyber attack by looking into commands (using an automated system) that create any thermal stress fatigue, intruder behavior in the system network, signature-based monitoring of malware, elimination of the use of USB devices, a common set of cybersecurity standards across all external stakeholders, etc.