Despite recent high-profile attacks and the fact that cyber security incidents caused nearly $17 million of direct financial losses in New Zealand last year alone, most organisations still see it as an ‘IT problem’.
Cyber security expert and former Air New Zealand Chief Information Security Officer (CISO) Michael Wallmannsberger (pictured right) says everyone still looks at the IT team whenever there’s an issue but all business leaders have a role in cyber security.
“Before an incident, nobody wants to listen to the CISO. After the incident, everyone becomes a CISO.
“Often the conversation about security problems turns to who stuffed up but looking for who to blame for these systemic issues doesn’t help respond to them more effectively.
“We need to start thinking of cyber security as a capability rather than just a deliverable.
“This change in attitude is really important because the reality is the cyber security issue has been a long time in the making and is only going to get tougher with time,” Michael says.
But in his experience there are three areas that organisations can work on to help improve their defences and engage the rest of their people more effectively.
- Make it everyone’s issue by managing cyber security threats and responses through a cross-functional group.
- Empower and enable security leaders with the access and influence they need to be effective.
- Reframe the issue with your people by talking less about security and more about the trust currently enjoyed with customers and stakeholders and the resilience of the systems behind the products and services you provide.
CERT NZ Director Rob Pope says expert and easy-to-follow information and advice is freely available whatever the size or shape of an organisation.
“There is a wide range of incidents that can and do happen but we understand that not every organisation or business has enough dedicated resource to address cyber security.
“CERT NZ is one of a number of different agencies who have the know-how to help people.
“Whether it’s technical advice for IT specialists, tips and alerts for businesses owners or the latest on common threats for individuals, help is at hand.
“We operate a ‘no wrong door’ approach which means if there’s someone better placed to help you we’ll point you in their direction.
“The results of cyber security attacks are wide ranging and can include the loss of income, assets or customer goodwill so it’s time we started widening our view of responsibility and seeing cyber security as more than just an IT issue – it’s a business issue,” Rob says.