MT EXPERT: 5 questions you should ask your data security team

Cyber threats are scarier than ever before, says former GCHQ data boss Andrew France. Now is the time for businesses to quiz those in charge of warding off cyber threats.

by Andrew France
Last Updated: 24 Feb 2016

The ousting of Target’s CEO and the fact Morrisons’ CEO had to give up his bonus following recent massive data breaches show just how quickly a company’s reputation—and that of its senior leadership—can be overwhelmed by an attack on its network. With hacking becoming increasingly sophisticated and frequent, we can expect more scrutiny from regulators, shareholders, analysts and the public on what management teams are doing to protect their most valuable information.

As data security moves up the boardroom agenda, Andrew France, chief executive of cyber defence firm Darktrace, explains the top five questions business leaders need to consider to stay prepared.

1. How do you identify your biggest risks?

Risk assessment is a part of day-to-day business today—but how is this done, and how has your risk management strategy changed in response to today’s more advanced, tech-savvy hackers? A strong governance structure is important for supporting and enforcing this strategy.

2. What are the top 3 threats to the organisation right now and what are you doing to curb them?

It’s great to have analytics tools that tell you about data breaches. But, when these are producing hundreds of alerts every week, it’s not possible to address them all in a meaningful way. Prioritise to ensure you focus on the most deceptive threats, rather than getting caught up dealing with swathes of minor breaches and false positives. If your team cannot tell you what the top three threats are at any one time, there is a problem.

3. What is your insider threat strategy?

Every employee carries risk, whether they have malicious intent or not. Insider threats can come from a competent user who deliberately misuses their access privileges or one who inadvertently falls victim to a phishing attack. Remember: it’s not just employees that are insiders, but people all along the business supply chain. How effective—really—is your home and mobile working policy? Have you got a clear approach for managing this internal risk?

4. Is the corporate network secure?

Trick question: if the answer you get from your IT department is ‘yes’, you have a problem. Today’s networks are far too complex, porous and interconnected to be able to secure them entirely. While strengthening the network as much as possible is important, companies need to start working on the basis that they will be hacked. They need to adopt strategies that allow them to quickly identify and counter ongoing risk.

5. Do you have the right kind of cyber defence technology within the network?

Networks are far too porous to rely on security around the outside—93% of large UK corporations have been infiltrated. Advanced threats are capable of getting round even the strongest security protocols, changing their methodologies during the attack mission to reach their goal. But all is not lost: next-generation technologies can use machine learning and the most cutting-edge mathematics to adapt to evolving threats in real time. When combined with operational and intelligence expertise, this dramatically improves a company’s ability to act on emerging threats in an efficient and pragmatic way.

- Andrew France, a former deputy director for cyber defence operations at GCHQ, is CEO of data security firm Darktrace.
