Board members tackle cyber-security risk as next line of defence

 

With access to a plethora of mobile devices, online channels, and digital platforms, board members worldwide are facing a wake-up call involving cyber-security and protecting sensitive corporate data.

The new reality for time-pressed directors is to tackle cyber-risk, while continuing to communicate securely in an anywhere, anytime, mobile and connected world.

Mirroring global trends, the Asia region is increasingly recognising the importance of cyber diligence, according to Stephanie Wong, Singapore-based Field Marketing Manager, Asia with solutions provider, Diligent.

With a footprint across the financial services, healthcare, manufacturing, and consumer banking space, Diligent has spearheaded awareness around cyber-threats, fiduciary responsibility, and securing sensitive communication.

Diligent’s client base reaches core markets and sectors across Asia, including Singapore, Hong Kong, Malaysia and India. The broader outreach targets North Asia, including China, Taiwan and Japan.

The functionality of Diligent’s offering complements moves to ramp up education and awareness, observes Wong. “Board portal technology caters to small groups of executive users that often have access to confidential information.”

In the connected space, boardroom directors use a range of mobile devices, access points and online channels. Many of these gateways are not necessarily secure, including Yahoo! Mail or Gmail that have been hacked.

“It’s important they have the tools to protect information, for example, during mergers and acquisitions, or the due diligence process,” says Wong.
High-profile cyber-attacks

In the past, network security was regarded as the domain of siloed CIOs or CISOs. With directors coming under increased scrutiny, audits, or share-holder investigations, cyber-security awareness is being catapulted to the top of the agenda.

This trend is marked by improved dialogue between CIOs, CISOs, and board members. “Cyber-security is starting to be a talking point, although more work needs to be done around education and awareness,” notes Wong.

More recently, businesses have faced high-profile cyber-security hacks. This trend impacts shareholder value, sparks regulatory inquiries, and forces a rethink around protecting confidential information.

Boards are addressing the need to tackle cyber-security risk. Proactive planning helps defray potential lawsuits; any perceived breach of fiduciary duties, or failure to maintain internal controls.

In an interconnected business, any oversight risks millions of dollars of potential liability in class-action lawsuits, reputational damage, or loss of consumer confidence and brand trust.

Increasingly, the board is emerging as the next line of defence to prevent and detect risks, before intrusions take hold, and compromise networks or information systems.

Among the considerations, board members need to develop a high-level understanding involving cyber-risks facing the company.
Keynote panel highlights cyber-risks

More recently in Kuala Lumpur, cyber-security in the boardroom came up for discussion at the CIO Leaders’ Summit hosted by Media Corp International.

This keynote panel focused on Cybersecurity in the Boardroom – What role for the CIO/CISO? The discussion was moderated by Thierry Regnier, Vice President of Sales, Asia, for Diligent.

Panellists featured Cheah Kok Hoong, Group CEO at Hitachi Sunway and Information Systems/Chairman, Outsourcing Malaysia (OM) at PIKOM Fazley Rabbi, Head of IT, and Sekar Jaganathan, CIO of Rakuten Trade.

This panel spotlighted findings from a January 2017 Diligent and NYSE Governance Services survey. This survey included responses of 381 directors of public companies on the New York Stock Exchange.

The in-depth survey assessed current communication practices, level of understanding of cyber-security issues, and awareness of any cyber-risk inherent around current communication.

The broader findings were unsettling: among these, nine out of ten directors reported using unsecured, personal email accounts to communicate with one another at least occasionally.  Directors’ personal email accounts include free services such as Yahoo! Mail and Gmail. These types of free email service providers are often targets of hackers and phishers.

 

Security oversight of director communication

When asked how their companies ensure directors are communicating according to best security practices, over 60% of directors acknowledged they had no idea if a security audit was performed on the board’s communications practices.

Over half of the respondents said they were not required to undertake cyber-security training as part of their board service.

Perhaps one of the reasons directors are not receiving better security oversight and support is that few boards rely on the company’s information security team for guidance on the board’s communication methods. Just 9% of respondents said their companies’ CISOs/CIOs played any role in authorising directors’ communications methods.

As Stephanie Wong remarked, “This is regardless of the fact that board members are privy to the most sensitive information their companies own.”

Directors are considered “high-value targets” by hackers and remain at risk for cyber-attacks.  Given their access to sensitive data – information that would fetch a high price among hackers – directors and executives are subject to targeted, strategic phishing attacks.

 

About Stephanie Wong

Stephanie Wong serves as Field Marketing Manager, Asia at Diligent and is based in Singapore. In this capacity, she leads marketing across the region from strategic planning, go-to-markets efforts, corporate communications and demand generation with a focus on pipeline growth. With over 14 years of regional B2B marketing experience, Stephanie has demonstrated competencies in driving awareness and demand with knowledge of the individual markets across APAC, including ANZ and ASEAN. She was awarded Collaborative Team Award (ASEAN Marketing) – for the development and execution of an industry leading marketing program with sales that resulted in the partner recognised as SMB Partner of the Year in 2012, Global and APJ by VMware. Stephanie holds a Bachelor of Commerce, with majors in Marketing, E-Commerce and Information Management from The University of Western Australia.

Why innovation must be initiated from the top rather than be delegated

Chris Tan, Managing Director at CIO Academy Asia moderates the closing panel for the CIO Leaders Summit in Malaysia. The topic of ‘Why innovation must be initiated from the top rather than be delegated’ included panellists Redza Goh, Group CIO PETRONAS and CEO at PETRONAS ICT, Pedro Sttau, CIO of iCar Asia and Noor Azhar Kamaruddin, CIO at Felda Global Ventures Holdings.

 

The panel focused on how Innovation is difficult for well-established companies explain that by and large, they are better executors than innovators and most succeed less through game-changing creativity than by optimising their existing businesses. Since innovation is a complex, company-wide endeavour, it requires a set of cross-cutting practices, people, process and technology to structure, organise and encourage it.

The panel also delved into the current fast-changing environment and how it requires new mindsets with different approaches to IT implementation, where there is more alignment and business value that can be delivered to organisations. And this whole approach must begin from the top!

Cloud Security Assurance Frameworks and Developments

Anthony Lim, Director Asia Pacific, Cloud Security Alliance engages the audience with his position on Cloud Security Assurance Frameworks and Developments

Anthony workshop highlighted to attendees that as enterprise cloud services, adoption and deployments continue to evolve with increased uptake, so to will security issues alongside. Anthony shared a snapshot into the candid look at some of these, and also at what providers like Microsoft, AWS, SingTel, Google et al are doing to ensure continued cyber-safe experience for their clients.

Anthony also shared brief update on Cloud Security Alliance’s working groups such as Blockchain, Quantum computing and SaaS STAR-Watch.

Digitalisation – IoTs & Big Data

Peter Leong, Head of Regional IT APAC Petronas Lubricants International talks digitalisation – IoTs & Big Data

Peter challenged the attendees to consider to what extent are digitalisation initiatives apparent along with comparing the organisations respective Industry and other industries and their current IoTs roadmap within the organisation. Peter raised the question about what major initiatives might be taking place, along with any particular Big Data Analytics going on, platforms being leveraged and at the end of it all, are they are bringing in value?

How are CIOs and CMOs collaborating or competing in a revenue pressured and digitally driven era

The panel discussion on ‘How are CIOs and CMOs collaborating or competing in a revenue pressured and digitally driven era’ was moderated by Anna Gong, CEO at Perx Technologies. Anna was joined by Andy Tan, CIO at HRDF – Human Resources Development Fund Malaysia, Arif Siddiqui, CIO of Standard Chartered Bank, Jason Heng, Head of IT Strategy & Development at YTL Communications and Suthesh Nathan, VP, Group Technology at Maybank.

The theme for the panel focused on Jake Sorofman (Research VP at Gartner) report that highlighted “Marketing is now responsible for critical customer-facing, revenue-generating systems and applications,” the panel discussed that in a digitally-driven marketplace, successful customer engagement, services innovation and revenue generation are top enterprise priorities. As such, CMOs and CIOs are developing greater synergies to more effectively engage customers, accelerate services innovation, and to equip the enterprise to better adapt to ongoing business and IT transformation.  The panel also touched on when marketing spend overlaps with IT spend, how enterprises can better marry the two functions and balance revenue-driving activities with business-enabling infrastructure?

Digital Transformation Requiring Customer Obsession

Frederic Giron, VP and Research Director at Forrester Research engages the audience with the concept of  Digital transformation requiring customer obsession.

 

Frederic explored the idea that digital experiences are the new normal for customers across Asia, empowered by widespread — and in some cases now universal — access to mobile technology. They’re no longer satisfied with poorly coordinated online and offline experiences. He went on to explain that to win and retain these entitled customers, firms must transform, and your leadership team must embrace an operating model for customer obsession. During this session, Frederic gave a strategic overview of the impact that the age of the customer will have on institutions, establish the fundamentals of an operating model for customer obsession, and clarify the specific areas that you need to focus on to transform your organization into one that can consistently deliver experiences that exceed customer expectations and deliver business results.

Leveraging Geospatial Visualization and Analytics

Tim Cheong, Senior Solutions Architect at Qlik discusses the concept of Leveraging Geospatial Visualization and Analytics.

The key take away from this session included a deeper understanding of how crucial geospatial information and hidden geographic relationships can help make better location-related decisions. Watch how companies tap on such information when analysing customer behaviour, drive time calculations and creating what-if analysis scenarios when planning new stores locations.

Digital Transformation and the e-Payment Journey

Arif Siddiqui, CIO of Standard Chartered Bank shares his insight on Digital Transformation and the e-Payment Journey.

Arif delved into the evolution of payments through a national agenda along with the transforming experience and empowering customers. He also talked through the concept of where do we go here – Pay to Mobile and increasing payment in government agencies and GLC along with the National agenda on digital ID and eKYC.

What role for the CIO/CISO

The keynote panel on Cybersecurity in the Boardroom – What role for the CIO/CISO moderated by Thierry Regnier, Vice President of Sales, Asia, Diligent

 

The first panel discussion of the 2017 CIO Leaders Summit Malaysia was moderated by Thierry Regnier, Vice President of Sales, Asia of Diligent. Panellists featured Cheah Kok Hoong, Group CEO at Hitachi Sunway and Information Systems/Chairman, Outsourcing Malaysia (OM) at PIKOM Fazley Rabbi, Head of IT, and Sekar Jaganathan, CIO of Rakuten Trade.

 The topic of discussion was Cybersecurity in the Boardroom and the role for the CIO/CISO. They covered the recent Diligent and NYSE Governance Services survey of about 400 directors of public companies (all on the New York Stock Exchange) on their current communication practices, their level of understanding of cybersecurity issues, and their level of awareness of any cyber risk inherent in their current communication practices.

They shared the eye-opening and unsettling results being:

  • Nine out of ten directors reported using unsecured, personal email accounts to communicate with one another – including systems like Yahoo! Mail and Gmail, both of which recently have been hacked.
  • Over 60% of directors reported that they had no idea if a security audit had ever been performed on the board’s communications practices, and over half told us they have never been required to have any cybersecurity training as part of their board service
  • Only 9% reported that their companies’ CISOs/CIOs play any role in authorising directors’ communications methods, even though board members are privy to the most sensitive information a company owns. Directors are considered “high-value targets” by hackers and are at particularly high risk for cyber-attack.

The data begs the question: what role should the CIO/CISO play in overseeing director communications?

 

 

 

X

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed a leo quis purus feugiat facilisis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Aliquam quis elit tristique, efficitur enim viverra, consequat odio. Duis porta ipsum ut magna dignissim vestibulum. Ut finibus augue nec mi maximus, nec laoreet arcu sagittis. Fusce pellentesque ipsum non lobortis bibendum. Sed consectetur dolor et ligula venenatis facilisis.

http://ohsleaders.com.au/

X

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed a leo quis purus feugiat facilisis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Aliquam quis elit tristique, efficitur enim viverra, consequat odio. Duis porta ipsum ut magna dignissim vestibulum. Ut finibus augue nec mi maximus, nec laoreet arcu sagittis. Fusce pellentesque ipsum non lobortis bibendum. Sed consectetur dolor et ligula venenatis facilisis.

http://ohsleaders.com.au/

X
x
x
Top of Page