03 October 2007

New Risks Require CEO Action: Beyond Awareness...

Here was our favorite question sitting in the room at the National Press Club this week during a "Deja Vu" moment, as the Department of Homeland Security and the Federal Trade Commission kicked-off the 2007 National Cyber Security Awareness Month.

"What demands, mandates or filings might be made on your organization from external organizations - public, private or regulatory - during this kind of disruption? What will your customers expect from you?"

The statistics are getting more attention these days due to the real pandemic of ID Theft and transnational crime syndicates now turning to mechanisms of financial fraud. This has surpassed the drug trade in terms of the revenue potential and the ease of acquiring and accessing our personal identifiable information.

The purpose of this summit in conjunction with the National Cyber Security Division (NCSD) of DHS is to examine ways to develop an actionable, sustained national awareness campaign and prevention program to inform Federal, State, and local government, educational institutions, small business users. The focus continues on protection of key resources, critical infrastructure and personal sensitive information and identities from man-made and natural threats.

The presentation that was most refreshing and relevant was from the Honorable Deborah Platt Majoras, Chairman, Federal Trade Commission. She highlighted some of the recent enforcement actions and the continued emphasis on business to assure their reputations by staying out of the popular press. These remarks by Betsy Broder, Assistant Director of the Federal Trade Commission’s Division of Privacy and Identity Protection at an event last month, further address the growing concern by business to adequately protect consumers information:

Law Enforcement on Data Security
"One important way to keep sensitive information out of the hands of identity thieves is by ensuring that those who maintain such information adequately protect it. To further that goal, the Commission brings law enforcement actions against businesses that fail to implement reasonable security measures to protect sensitive consumer data. Public awareness of, and concerns about, data security continue at a high level as reports about breaches of sensitive personal information proliferate."

The awareness agenda continues because it is still a long way from getting the public and the Small and Medium Enterprise to recognize the fiduciary duty they have to their customers. Even this web site OnguardOnline produced by the consortium of government agencies working together to fight cyber crime and improve awareness still have not found all of the answers.

The Business Roundtable's new publication on "New Risks Require CEO Action" has been well recieved due to greater reliance on the Internet for Business Operations. Here are a few of the most important questions that CEO's can ask:

1. Have we considered the dependence of our vendors and supply chain on the Internet?

2. What degree of consumer confidence in our data, services or products may be affected by a disruption of the Internet or corruption of data and services that are dependent on the Internet?

3. Have we set in motion a strategy for attaining early warning information to better protect our customers and corporate assets as well as our suppliers and partners?

The World Economic Forum estimates a 10 to 20 percent probability of a breakdown of the critical information infrastructure in the next 10 years - one of the most likely risks it studied. Additionally, it estimates the global economic cost at $250 Billion, one of the largest cost estimates of the risks examined.

No comments:

Post a Comment