At the recent Board Risk Committee-hosted event, “Threat Briefing: Russia’s War on Ukraine – Actions Boards Should Consider,” Richard A. Clarke, an internationally known expert on cybersecurity, shared specific consequences coming out of the current situation in Ukraine and key actions board directors and the executive team should take to get out in front of risks — especially those that cannot even be imagined because they have never occurred before.
Clarke’s guidance is worth paying attention to — he was the first Cyber Czar for the US Government and author of the first National Strategy for Cybersecurity. As a government official for over 30 years, he served in senior positions in the White House (Special Assistant to the President), State Department (Assistant Secretary), and the Pentagon.
Clarke’s recommendations rest on a pattern that recurs throughout history: people tend to discount or ignore the first occurrence of a threat simply because it has never been seen before, which makes the threat hard to imagine and its early signals easy to dismiss.
Boards and the senior executives they serve must be sensitive to the risk their own behaviors can create, and take the steps to overcome natural, human inaction when there is time to get ready.
Top among Clarke’s recommendations for boardroom and senior executive priorities:
• Ensuring all software is up-to-date
• Looking at the organization’s cyber risk register frequently
• Engaging a managed security services provider (MSSP)
• Increasing the use of multi-factor authentication across the company’s network
• Reviewing backup plans, ensuring backups exist at multiple points and are done frequently
• Leveraging the organization’s DNS to block external threats
• Switching system alerts from “monitor” to “active blocking”
• Deploying an externally sourced threat intelligence team to enhance internal resources
• Educating all employees – “when you see something say something”
• Dusting off the incident response plan and practicing it
• Identifying and engaging the data experts throughout the organization who are most likely to spot threats early
• Assigning accountability at the board level for horizon scanning
Managing the unimaginable threats that can bring down a business and harm stakeholders is a space for innovators to bring their special skills.