Intelligent CISO Issue 54 | Page 41

EXPERT OPINION

Breaking into the boardroom

Jonathan Lee, UK Director of Public Sector, Sophos, discusses the responsibilities of a cybersecurity board leader and offers his top tips in light of this after conversations with public sector IT teams.
It’s no secret that security teams are fighting a constant battle against cybercriminals. Their growing entrepreneurialism, combined with evolving techniques and the crypto industry, means they are both more successful and more prolific than ever before – not to mention the fact that capturing cybercrooks operating around the globe is a huge challenge. In the public sector, this challenge is even greater as teams are forced to work with limited budgets and less resource.

In my job, I often speak with public sector organisations about what they can do to strengthen and mature their defences. Sadly, this often seems to be in the wake of a serious cybersecurity incident, as opposed to before one. And this isn’t the fault of the security teams in place. Quite often they have pleaded their case to the heads of the organisation for budget to acquire the tools and talent they need before an incident happens. Sadly, these calls fall on deaf ears.

What seemed like a cost-saving measure ends up resulting in a financially crippling attack – not to mention one which also impacts negatively on critical public services. In our latest State of Ransomware report, we found that the average cost of remediation was US$1.4 million and the average recovery time from a ransomware attack was over a month. For those relying on crucial public services, any level of disruption is too much, but a month can have severe consequences for the most vulnerable in society.

This raises the question of how security teams within the public sector can petition for budget and support for a threat that their business leaders don’t necessarily understand.

Well, the NCSC has increasingly been talking about the need for security to move out of the IT department and into the boardroom to ensure that a good cybersecurity posture is one of the key focuses of any business. But what exactly would the responsibilities of a cybersecurity board leader be?
Here are my thoughts after conversations with public sector IT teams: