The Chief Cyber Security Officer needs a seat on the Board
All businesses would love to be in a permanent state of absolute certainty, but unfortunately that’s simply not realistic. This is especially true when it comes to cyber security.
Our reliance on technology has meant the digital elements within business have increased hugely over the last few decades. Applications, networks, data and hardware have all developed to aid companies and make them more efficient, but these elements also each come with their own security risks. As we increase the technological elements of companies, we create more cyber security risks. Couple that with a network of digital providers, each with a different understanding of cyber security, and it can be impossible to be absolutely certain that breaches have been and will be prevented.
Attacks and breaches
Attacks and breaches can happen at any time and can be deliberate or accidental. Sometimes businesses choose courses of action to make life easier, or to keep costs down in the short term, that ultimately lead to massive costs. Something like the WannaCry ransomware outbreak, which encrypted data on infected computers and spread rapidly across networks once it had got in through a single poorly-protected machine, cost the UK’s NHS around £92 million in lost service and actions to recover. A report on the outbreak highlighted that part of the problem was a lack of co-ordinated cyber security within the organisation.
The challenge of keeping up with new technologies and security techniques is no small matter. While traditionally this would have simply come under the remit of the IT department, now businesses are recognising the need for specialist skills and creating roles specifically for the task.
Most companies now have a CISO (Chief Information Security Officer) and/or CCSO (Chief Cyber Security Officer) either sitting at board level or reporting to a board member. Their responsibility is to assess and manage risk within the organisation to ensure that appropriate precautions are taken to prevent or reduce the impact of breaches, and to have plans to deal with any incidents that do occur.
Not only are they responsible for overseeing the technical security programme across the organisation, they also play a critical education role, ensuring that employees company-wide don’t unwittingly cause a security breach through phishing or social engineering.
Board-level representation is essential for these precautions and plans to be implemented and to comply with legal obligations for reporting incidents.
The skills to succeed
There are currently a huge number of vacant cyber security positions in the UK and a shortage of qualified people with the skills to fill them. This is why the University of York has introduced a new online Computer Science with Cyber Security Masters. The course offers ambitious individuals the opportunity to learn the skills and knowledge needed to start their career in this in-demand sector.
The course introduces key concepts, such as the ability to identify and analyse threats, create high-level security management strategies and understand and evaluate testing. Delivered 100% online and with a choice of start dates throughout the year, the Computer Science with Cyber Security Masters is designed with flexibility in mind; there’s no need to take a career break, so you can earn while you learn and fit your studies around other commitments. There’s also an option to pay per module, avoiding large upfront fees.