Dan Holden, director of Arbor’s Security Engineering and Response Team has been writing on Arbor’s blog to advise how risk management needs to evolve in order to combat cyber-attacks
Assigning responsibility for dealing with IT risk is currently being addressed by assigning risk issues to roles like the CSO, Chief Legal Counsel or a Chief Risk Officer. However, Holden believes that companies need to understand the situational awareness of their risk.
Holden, writes: "They must assess the potential impact on their companies and brands of having private identifiable information about their employees and/or their customers exposed due to a denial of service attack or even a targeted malware attack."
For Holden, the number of cyber-attacks which occurred in 2014, has emphasized the importance of situational awareness.
The breaches at Sony, Target as well as others, resulted in both personal and company information being exposed. This has lead to expensive losses to these companies.
Due to the breaches executives are taking a more holistic view of risk management and this is a positive step for companies, according to Holden. "They increasingly are realizing this isn’t just an IT issue, but also a business issue that goes beyond the technical aspect alone."
"Companies are beginning to understand that the burden of risk management needs to be shared across the executive level."
"Business can no longer apply their risk management pressure to just IT or just the person with a risk title as the "one throat to choke" when something goes amiss."
