EDITOR’S QUESTION
SUNDI BALU, CIO TELSTRA ENTERPRISE AND INTERNATIONAL, TELSTRA
As the pace of digitisation increases,
CIOs face a widening set of
cybersecurity threats. More data
and applications are moving to third-party
infrastructure in the cloud and the
explosion of connected devices has created
a substantial array of weak spots. It’s no
longer a case of if a business will experience
a cybersecurity incident, but rather a case
of when it will be threatened or disrupted
and how a business is prepared to respond.
Through careful management, CIOs
can balance cybersecurity risks without
compromising business agility.
A great place to start is what we call the ‘Five
Knows of Cybersecurity’:
1. Knowing the value of your data
2. Knowing who has access to your data
3. Knowing where your data is
4. Knowing who is protecting your data
5. Knowing how well it is protected
If a CIO can answer these five questions,
they can then make informed assessments
that help in managing the risk. This
approach also shifts the conversation from
technology to one firmly grounded within
the business and removes the perception
that this is something that only IT needs to
worry about.
This year’s Meltdown and Spectre
vulnerabilities and last year’s WannaCry
ransomware attack provided an indication
of how vulnerable many companies are
to a cybersecurity incident. Within a day,
WannaCry infected over 200,000 computers
in 150 countries and hit organisations
around the world including public utilities
and large corporations.
While attacks like WannaCry serve as a high-
profile reminder for all CIOs, we know that
most attacks are far less sophisticated. These
can include denial-of-service attacks, hacking,
phishing and malware. Something as simple
as opening an email attachment or using a
USB of unknown origin can trigger an attack.
It is these seemingly benign vulnerabilities
that underscore why companies must think
of cybersecurity threats as a business risk
and not as a technology risk. In 2018, the
best groundwork CIOs can lay is to make
certain their business leaders understand
the critical part people play in cybersecurity.
At Telstra, we see the ‘human firewall’ as a
powerful defence that must not be forgotten.
After all, it is a person who clicks on a link, a
person who chooses a simplified password, a
person who selects where the data is stored.
For this reason, security requires business
leaders to work together to implement a risk
management framework which continually
evolves to keep pace with the rapid evolution
of technology. The ongoing education and
awareness of employees to mitigate the
threat is an additional lever that needs to
be emphasised. In this digital era, it is not a
matter of risk eradication, but rather one of
risk management and understanding what
these risks mean for both the business and
your customers.
For a CIO to be ready for the next cyber
challenge, they must be prepared to ask
themselves the tough questions. Have they
identified the right risks, are they managing
these risks effectively and ultimately, if they get
it wrong, how will they respond and recover?
INTELLIGENTCIO