Scully Tim
J Bus Contin Emer Plan. 2013;7(2):138-48.
The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.