Intelligent CISO Issue 78 | Page 41

EXPERT OPINION

ALAIN SANCHEZ, EMEA CISO AT FORTINET
Alain Sanchez, EMEA CISO at Fortinet, explains why cyber-risk is synonymous with business risk. He emphasises that now, more than ever, it is crucial to engage the board in understanding and addressing cybersecurity risks, and that securing the board's support has become essential for CISOs.

How cyber-risks have become business risks

Cyber-risk is business risk. Anything that threatens IT threatens the company. We have become extremely dependent upon our digital assets. As a result, business leaders need to realise the magnitude of the change. The essence of what visionaries have shared with me in the last couple of months shows how much cybersecurity is now a permanent topic of discussion among CISOs and their corporate leadership.

Assessing cyber-risks
Perhaps the most crucial role of the CISO is to rank cyber-risks by order of actual impact. This requires an equal understanding of business and technology, as well as a sense of how objects that were never designed to be secure behave under attack. It is not an easy task, and not only for technological reasons.
Part of this assessment requires understanding the priorities inside the organisation's value chain and securing them accordingly. The second challenge is to look beyond the organisation and see how outside forces may impact it. Among these external forces, we find the compliance framework.
These new laws and regulations are necessary. They protect human beings, intellectual property, and the ability to invent and innovate. From this perspective, compliance standards are good. However, their demands are increasing daily.
This very duality, beneficial yet complex, challenges many IT departments. They must ask themselves: how do we integrate legal considerations into what used to be a purely technological battlefield? The solution is to start from the top.
The board of directors should always have this duality in mind. The more directors know about cyber-risks and government regulations, the better. Consider the European Union's Digital Operational Resilience Act (DORA). This legislation is focused on the European banking and financial system. Still, its mindset and practices can be applied outside the financial domain, particularly as risk is a central