COMMENTARY:
The cyber threats we face today routinely transcend industries, geographic boarders as well as government, military, and business domains. The impact of the aggressive cyber attacks we have witnessed recently, however, have become so substantial that it has now reached priority status in the executive suite.

“C” level executives are now routinely involved when their organizations experience one of these attacks. That is a departure from what we have seen.

Not that long ago a security company uncovered the compromise of a company serving the scientific industry. The security services provider investigated the incident and asked me for advice. We put together a complete incident analysis package including the potential impact on the company’s sales – given that their bill of materials for their products and the internal costs and pricing model appeared to have been accessed and sent off-shore.

This was clearly an act of modern day industrial espionage. A competitor knowing how you build your products and the cost of the materials and components that are used along with how you price your products has a distinct competitive advantage. This is clearly a business issue and requires the attention of “C” level executives.

At a recent executive meeting, a very senior member of the organization’s security team came in to brief the management about a breach. That took about 15 minutes and the individual then left the room. Once the door closed behind him, one member of the executive team turned and looked at me and said, “Would you care to interpret that for us please.”

That statement reflects a great deal about the state of awareness in today’s “C” suites about cyber threats. Cyber security training at the “C” level is critical in the cyber threat environment. However, it is all but absent today!

Executives do not have to be fluent in the latest techno-babble, but they must understand their company’s cyber security posture, risks economic impact and incidents.

Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute, where he provides consulting services on strategic technology and security issues.