Cybersecurity headlines about breaches over the past few years have heightened awareness among companies’ top executives and board members about the risks and threats that are posed — but there continue to be challenges involved in getting them to understand just how significant cybersecurity issues at their organizations are, according to security experts.
Being able to clearly communicate cybersecurity threats to such executives in plain English goes a long way, Chris Taylor, security consultant at Taksati Consulting, said July 24 during a panel session called “How to Talk Cybersecurity to Your C-Suite and Board” at Content Protection Summit East, part of the Media & Entertainment (M&E) Day at the Microsoft Conference Center.
The 2018 M&E Day also included Smart Content Summit East and Entertainment Production in the Cloud (EPIC) conference tracks, providing M&E technology teams valuable insights into the creation, production, distribution, security and analysis of content.
Taylor, who formerly served as director of security architecture at Warner Bros. Entertainment Group, now consults for small and medium-sized media and entertainment vendors, he noted.
“In some of the other industries I’ve supported, the boards can be very technologically ignorant and it’s very much a rarity that you get somebody on a board that actually has a security background or even a technology background,” he said.
That’s especially true in the banking and healthcare industries, where he said, “a lot of the board members I was talking to could barely check their emails and I’m trying to convince them why they need to protect themselves from advanced persistent threats and ransomware and they’re not even sure what those topics mean.”
According to Taylor, “it is vitally important that the person who is going to be presenting to your board be able to speak English — and it seems like such a simple requirement, but it is actually really hard in the tech industry to find someone who can talk about those complex topics in English.”
And “if you can’t properly sell the concept and get their buy-in, then they’re not going to be able to change the culture of their company and actually drive security,” he said.
The other “vitally important thing” when approaching a company’s board is making sure that it is a “top-down drive because if it’s a security engineer coming in from the bottom saying security is important, they’ll never get the resources or the time, the money or the equipment that they need to accomplish what they want,” he said.
On the other hand, he said: “If you can sell the board on the importance of security and why it’s there and how it will protect their business so that it doesn’t cost them more money … then it becomes a top-down driven approach and that security engineer will get whatever resources he needs.”
“It’s also helpful if you can do priority weighting on the tasks and hit” the security initiatives that stand to yield the “most return on investment first,” he explained. If you can implement the top three initiatives first, you can then work on the rest of the top 20 initiatives and beyond, he said.
The discussion also included Robert Fuenzalida, head of regional security for the Americas at Lego Group.
The 2018 Media & Entertainment Day was presented by Microsoft, with sponsorship from IBM Watson Media, Amazon Web Services, IBM, LiveTiles, Microsoft Azure, NAGRA, NeuLion, Ooyala, EIDR, GrayMeta, MarkLogic, Qumulo, Avid, Cloudian, SoftServe and TiVo. The event was produced by MESA, the Content Delivery & Security Association (CDSA), the Hollywood IT Society (HITS) and the Smart Content Council.