Cybersecurity continues to be an imminent risk for large companies. Hackers have become more sophisticated in terms of gaining remote access through networks, luring people to give them credentials or even targeting individuals. Furthermore, the needs of the business to communicate more and more electronically have enhanced, and the attack surface has exponentially increased.

 

The truth is that large corporations have much bigger challenges than smaller companies because they’ve already invested in larger infrastructure. Small businesses—and even medium-sized businesses—can easily outsource to a security provider. Meanwhile, many large companies don’t have a good idea of how many web locations they have, how many servers, how many portals. They have to do the cartography of their enterprise, put in firewalls and they need a lot of security products to cover everything. Actors just need to compromise one thing to enter into the network, and companies have to defend every door.

Even two years ago, the board was not very involved in cybersecurity measures. There was no real technical understanding coming out of the era that the cloud was “dangerous.” But when they saw $100 million security breaches, lawsuits and brand issues, the board got concerned.

It’s going to take some time for large companies to migrate to the cloud, and they need a security network that is compatible. But the main thing for the board is to be aware of it, and take it very seriously to ensure that the company can describe what the strategy is to secure the enterprise. The other thing is that you cannot look at cybersecurity independently of IT. They are absolutely together, and at some point the CIO should be responsible for security and provide metrics to roadmap what the company is doing to measure improvement.