‘Countering cyber risk presents a significant strategic challenge to leaders across industries and sectors but one that they must surmount in order to take advantage of the opportunities presented by the vast technological advances in networked technology that are currently in their early stages. Over the past decade, we have significantly expanded our understanding of how to build secure and resilient digital networks and connected devices. However, board-level capabilities for strategic thinking and governance in this area have failed to keep pace with both the technological risks and the solutions that new innovations provide.
Boards have a vital governance function, determining overall company behaviour and setting a company’s risk appetite. For boards, action means effectively exercising oversight by asking managers the right questions to ensure that the boards’ strategic objectives are met. This function is no different in the area of cyber resilience. By offering the following principles and tools, the Forum hopes to facilitate useful dialogue between boards and the managers they entrust with the operation of the companies to which they owe their fiduciary obligations.’
Source: World Economic Forum (2017), Advancing Cyber Resilience: Principles and Tools for Boards.
Assume you have been employed as a corporate governance consultant by a company listed on the Australian Securities Exchange and ranked within the ASX 200. The Chairman of the company has decided to address the issue of cyber security at company board level.
As an initial step in the process of improving the cyber resilience of the company the Chairman has employed you to prepare a report that critically analyses how the company can best integrate its cyber security and resilience protocols to ensure continued corporate survival and improved business performance. The Chairman has requested that you submit a report providing examples of best practice and a clear set of recommendations on how the company should initiate a cyber resilience policy at the corporate board level. Your report will be tabled at the next board meeting for board members to review and evaluate your recommendations.
Assessment Task 3
This study focuses on cyber security and cyber resilience in a corporate organisation. Altium has been chosen as the case organisation in order to understand the challenges of cyber risk management and the solutions adopted to overcome them. Altium Limited is an Australian and American public software company, listed on the ASX, that develops electronic design software for engineers; its headquarters are in Chatswood, New South Wales, Australia. Its products include Altium Designer, Altium Vault, CircuitStudio, CircuitMaker, TASKING and Upverter. The company was founded in 1985 and has had to maintain its cyber security posture throughout that time. The study also examines the organisation's critical challenges, how those challenges are recognised at board level, and the solutions proposed for them.
Cyber security and Cyber Resilience:
Today, cyber security is a critical concern for every corporate sector, and it has become a board-level and core business issue rather than a purely technical one. In computing, security comprises cyber security and physical security; enterprises use both to protect against unauthorised access to data centres and, more broadly, to protect the organisation's information technology and preserve the confidentiality, integrity and availability of its data (Choucri et al. 2014). A resilience strategy, and the culture that supports it, must be more than tactical, since it requires proactive risk mitigation at the highest level. Cyber resilience refers to the ability of an entity to continuously deliver its intended outcomes despite adverse cyber events. As cyber threats proliferate, this concept has created a genuine need for security to be embedded in the business, so that the organisation can keep operating during a crisis and also eliminate or contain new risks.
As corporate governance consultant to Altium, it is important to coordinate the board's work with the organisation's information security requirements: application security, information security, network security, operational security and end-user education. The reference framework used in this report is the World Economic Forum's Advancing Cyber Resilience: Principles and Tools for Boards, produced by the Forum's System Initiative on Shaping the Future of Digital Economy and Society in collaboration with The Boston Consulting Group and Hewlett Packard Enterprise, to advance cyber resilience and meet the challenges of integrating cyber risk into business strategy, challenges that have reduced the growth and sustainability of organisations that fail to address them.
The issue of cyber security at the company board level:
Cyber security is a growing concern for the corporate sector and touches technological advances at every stage. The nature of the threat has changed systematically, and the procedures business leaders relied on to protect the organisation are no longer sufficient if they are confined to network security (Brown, 2015). The result has been a trial-and-error or low-oversight approach that has become the default for many organisations, including Altium. A recent internal survey found that the risk associated with cyber-attack on the company has increased, and a study by ISACA and RSA found that 82% of boards are concerned about cyber security. At Altium, cyber security cuts across the engineering function and the encryption, firewalls, logging tools, analytic tools and forensic tools the organisation relies on. One standard difficulty is the growing number and sophistication of attackers, which range from organised criminal groups to rogue nation states.
Cyber security challenges faced by the organisation:
In Australia, cybercrime is growing by almost 25% every year (Sun et al. 2015). The biggest cyber security and monitoring challenges faced by Altium and similar organisations are set out in this section. The exponential growth of data in business systems has created a major problem for the security sensors meant to protect the business. There is an extreme and growing shortage of skilled cyber security personnel able to analyse the incidents arising from this data. And there is an asymmetry comparable to that of terrorism: the attacker holds the inherent advantage, and malware now operates at a much greater scale.
Alert triage and automation ease the load on human analysts but have created problems of their own for improving the organisation's cyber security. Malware with worm capabilities has also become a major issue: it spreads rapidly across many organisations, degrading monitoring and diminishing security (Brown, 2015). Altium has recently moved monitoring and workloads to the cloud, but a misconfiguration of that environment put data at risk. The organisation is therefore working to remove these challenges and adopt a clear infrastructure, so that it does not suffer data leakage and can forestall the difficulties that cyber security presents.
Cyber resilience and cyber risk management techniques:
The organisation has already faced an analogous situation that created a potential threat both internally and externally. The digitalisation embraced by the board has expanded the exposure of its intellectual property and increased attacks on its services. This can ultimately damage Altium's profit, reputation, brand, competitive position and even its viability. To properly defuse the risk, the organisation is planning to adopt a number of techniques for controlling the cost and minimising the negative impact on the business.
These techniques can be set out with their logic and application (Mazurczyk et al. 2016). Determining and providing the right amount of defence at a reasonable cost has significant consequences for the practice and culture of the business. The organisation is planning to require authentication for every access, which helps keep information confidential. The company is also identifying a mix of technologies, including firewalls and intrusion detection and prevention systems, that will stop data leakage and filter spam without breaking protected communications.
Altium is managing risk in terms of culture, flexibility, the ability to innovate and the speed of innovation, together with protection of passwords and credentials (Lagazio et al. 2014). Identifying and mitigating vulnerabilities, including by correctly deployed antivirus software, blocks the standard attacks by hackers on the IT system. Layered protection is vital, because professional criminals exploit human factors to pinpoint vulnerabilities that give them a foothold in the network. Altium should classify its data and ensure robust access controls over the organisation's assets.
Integrating cyber security and resilience protocols:
It is very important for the organisation to secure its infrastructure from cyber-attack with a proper solution that will solve the issues in the long run. The security group within the organisation has carried out many site assessments to evaluate the existing security controls and identify the gaps. This helps prioritise the protocols the organisation manages by improving its software. It drives the maintenance of cyber security through product evaluation and the application of security standards in technology research and development (Ngo & Jaishankar, 2017). Altium is undertaking research and development to identify problems and protect against them by designing a more resilient environment. This step is relevant not only to Altium but to the whole corporate sector.
The organisation has validated its test procedures and recommended accelerating their adoption within the group, maintaining a standard development process with remote participation. The cyber security team has carried out confidential assessments to evaluate the security controls in place and to help build a prioritised list of action items for the gaps in those controls. The organisation aims to strengthen the relationships within its software systems and has an architecture that addresses network security directly, with network segmentation, inline blocking for malware detection, and endpoint security.
To maintain its resilience protocols, Altium has opted for a cyber ecosystem approach. This acknowledges the need to protect valuable data across a network, which helps the business operate efficiently in both business-to-business and business-to-customer settings (McMahon et al. 2015). The research performed by the organisation has focused on developing the ecosystem of the software used by Altium. It has developed three core principles:
Demand for board-level cyber resilience tools:
The board governance and cyber resilience tools offered by the World Economic Forum aim to focus on the tactics and standards in management that define and contain the company's risk appetite (Lavorgna & Sergi, 2016). Altium is planning to adopt several of the Forum's principles for boards of directors in order to protect against cybercrime. The board as a whole takes ultimate responsibility for cyber resilience, and may delegate primary oversight to a particular committee. Board members should maintain a certain level of education on the subject, with an orientation and regular updates, and should also seek independent external expert advice to test management's assertions.
An accountable officer should be responsible for the effective use of resources and IT services to manage cyber resilience. The board should integrate cyber risk into its various risk assessments so that risk management across the organisation is consistent. Review is also very important for determining the risk appetite and seeking to quantify the amount of business risk the board will accept (Wright, 2017). It is important to validate the impact of cyber risk on the board's strategy by using the Board Cyber Risk Framework as the outline for reporting cyber threats and for Altium's own reporting. The board should recognise the communal nature of cyber resilience and support collaboration with other stakeholders in the community as well as within the organisation. Ensuring there is a cyber resilience officer, with the resources to test and refine resilience across the organisation, will support this.
Recommendations for initiating cyber resilience:
It is recommended that the board follow the cyber resilience principles and tools for boards, which will help minimise risk in the organisation as far as possible (Yu, 2014). The board should delegate oversight to a committee, creating a new committee if necessary to take ownership of cyber risk and resilience. The board should receive regular updates about threats and trends, drawing on active, independent external experts. Altium should ensure that its corporate officers have the capability to manage cyber resilience and sufficient authority to make progress. The board should keep cyber resilience and risk assessment aligned with the efficiency goals of the business and the enterprise, and integrate them into budgeting and resource allocation.
There should be an annual meeting to quantify risk tolerance, ensuring that corporate strategy and risk appetite are aligned (Kenney, 2015). This will help Altium meet both current and future risk by meeting regulatory requirements and benchmarking its risk appetite. Management should quantify emerging threats and events, validate them against the strategic risk assessment, and feed them into the Board Cyber Risk Framework so that risk is kept at a low level. In the context of the above recommendations, it is also recommended that Altium adopt the Board Cyber Risk Framework to review cyber risk quarterly and ensure that risk is detected early. The board should understand and evaluate risk tolerance against the business strategy; this leads to mitigating action and determines what can be executed at an acceptable cost. The cyber risk portfolio can also be compared with the tolerance set by management to confirm that it remains within the board's risk appetite.
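The quantification the recommendation above calls for can be made concrete. The following is a worked example added to this report; it is not code from Altium, from the World Economic Forum toolkit, or from any of the cited authors. It models a small risk register in which each risk carries a single-loss expectancy (SLE, dollars per incident) and an annual rate of occurrence (ARO), each control scales one or both, and the residual annualised loss expectancy (ALE = SLE x ARO) is compared with the per-risk and portfolio tolerances the board has set. The risks, controls, costs, probabilities and tolerances are all constructed figures, and the risk and control names are illustrative assumptions.

```python
"""Board-level cyber risk quantification against a stated risk appetite.

Added illustration for the report; not Altium's or the WEF's code.
ALE = SLE x ARO per risk; controls scale ARO (likelihood) and/or SLE
(impact). All figures below are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    aro_factor: float = 1.0  # multiplies likelihood; 0.25 = a quarter as likely
    sle_factor: float = 1.0  # multiplies impact; 0.4 = 40% of the original loss


@dataclass
class Risk:
    name: str
    sle: float               # single-loss expectancy, $ per incident
    aro: float               # expected incidents per year
    controls: list = field(default_factory=list)

    def inherent_ale(self) -> float:
        """Expected annual loss with no controls in place."""
        return self.sle * self.aro

    def residual_ale(self, extra=()) -> float:
        """Expected annual loss after current controls plus any `extra` ones."""
        aro, sle = self.aro, self.sle
        for c in list(self.controls) + list(extra):
            aro *= c.aro_factor
            sle *= c.sle_factor
        return sle * aro


def portfolio_ale(risks) -> float:
    """Total residual expected annual loss across the register."""
    return sum(r.residual_ale() for r in risks)


def appetite_breaches(risks, per_risk_tolerance, portfolio_tolerance):
    """Names of risks whose residual ALE exceeds the per-risk tolerance, and
    whether the whole portfolio exceeds the board's aggregate tolerance."""
    over = [r.name for r in risks if r.residual_ale() > per_risk_tolerance]
    return over, portfolio_ale(risks) > portfolio_tolerance


def rank_controls(risk, candidates):
    """Rank candidate controls for one risk by net annual benefit
    (ALE reduction minus the control's cost). A negative value means the
    control costs more than the risk it removes."""
    base = risk.residual_ale()
    scored = [(c.name, round(base - risk.residual_ale([c]) - c.annual_cost, 2))
              for c in candidates]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed register (illustrative names and figures only).
REGISTER = [
    Risk("Cloud storage misconfiguration exposing customer data", 2_000_000, 0.2,
         [Control("Configuration baseline and continuous posture scanning",
                  60_000, aro_factor=0.25)]),
    Risk("Worm-capable malware on the engineering network", 5_000_000, 0.1,
         [Control("Network segmentation", 150_000, sle_factor=0.4),
          Control("Endpoint detection and response", 120_000, aro_factor=0.5)]),
    Risk("Credential phishing leading to IP theft", 3_000_000, 0.3,
         [Control("Multi-factor authentication", 40_000, aro_factor=0.2)]),
]

PER_RISK_TOLERANCE = 150_000    # board-set figure, constructed
PORTFOLIO_TOLERANCE = 500_000   # board-set figure, constructed

# Candidate additions for the phishing risk, evaluated one at a time.
PHISHING_CANDIDATES = [
    Control("Security awareness training", 25_000, aro_factor=0.7),
    Control("Data loss prevention on source repositories", 50_000, sle_factor=0.5),
    Control("Cyber insurance rider", 70_000, sle_factor=0.8),
]


def quarterly_report(risks=REGISTER):
    """The figures a quarterly board review would table."""
    over, portfolio_over = appetite_breaches(
        risks, PER_RISK_TOLERANCE, PORTFOLIO_TOLERANCE)
    return {
        "inherent_ale": round(sum(r.inherent_ale() for r in risks), 2),
        "residual_ale": round(portfolio_ale(risks), 2),
        "risks_over_tolerance": over,
        "portfolio_over_tolerance": portfolio_over,
    }


if __name__ == "__main__":
    for key, value in quarterly_report().items():
        print(f"{key}: {value}")
    for name, net in rank_controls(REGISTER[2], PHISHING_CANDIDATES):
        print(f"  {name}: net annual benefit ${net:,.0f}")
```

Run directly, the block prints the quarterly summary (the phishing risk alone sits above the per-risk tolerance while the portfolio as a whole is within appetite) and the ranking of candidate controls for that risk. The negative figure for the insurance rider is the kind of finding the framework is meant to surface: a control that costs more each year than the expected loss it removes.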
These recommendations can be reviewed across the organisation, as they will apply at every level (Choucri et al. 2014). They will raise awareness of the risks of emerging technology. Resilience is achieved by designing the correct framework for engineers to follow and by requiring every level of security in each department. They reduce vendor cyber risk. They support the cyber security life cycle by maintaining the support and accountability of the organisation. Data privacy should be maintained through distinct initiatives, with encouragement from Altium's senior leadership (Ngo & Jaishankar, 2017). This also brings ethical considerations, both social and public. Continuous improvement and control of new risks are required, so that the organisation can adapt to change as quickly as possible.
This study has set out the challenges and issues that cyber security and cyber resilience pose for the boards of organisations. The Altium Limited case has focused on the requirements of board oversight and on recommendations to overcome the challenges. In response to the growing concern about cyber security, various measures and controls have been identified in this study that can be used effectively within the organisation for better performance. In conclusion, most organisations are exposed to cyber-attack; a single breach has affected roughly 18 million current and former federal employees. It is very important for the organisation to understand its goal and achieve it with the help of its stakeholders and the enterprise as a whole.