Managing Cyber Security, Where Do We Start?

Cyber Security | Insight | Published 14. Jun. 16

Share with Your Professional Network

As information technology professionals are flagging the seemingly incessant rise of cyber security in terms of both an urgent threat to businesses and organisations and a potential growth opportunity, we canvassed some current views from a broad range of CIOs and security managers. Topics discussed ranged from how to prepare developing a cyber security strategy, and the need to keep informed of the latest trends to who should be in charge on cyber security within organisations and key issues such as staff training and the way forward for companies embarked on their own digital transformation.


First Things First

Neo Industrial Oyj CIO Ove Fagerlund, cited as the main challenge, the question, how to take the first small steps to boost the expertise and the business’ awareness around the increasing risk of cyber threats? More specifically, Fagerlund highlights the need to scope out the big picture and assess how that overview matches up with the business environment, “I think the security area is a bit fuzzy, it’s a bit confusing how to get the picture and link it to the business.”

Keeping Up-to-Date

But that’s not the whole story. McDonald’s Oy’s IT manager, Helinä Tapaninen, notes the difficulty of keeping up with cyber security trends in an ever-changing threat landscape, “Today, to be up-to-date with all the cyber and information security subjects is a key challenge. And also then the understanding of what I must do, how much do I want to pay for it, what’s the business value?”

Taking Charge

Another hot-button issue up for debate centres on who should assume the main responsibility of cyber security going forward. “Someone in the leadership team, always,” is Tapaninen’s take on this question. “Even the actual responsibility would fall down to IT in the organization, but someone in the leadership team should be clearly responsible for this stuff, because it’s impacting what we do one way or another.”

However, SATO Oy CIO Juha Keskitalo, argues that in the longer term we’ll see business owners themselves stepping up to the plate. “In the future, I think it’s the business, the owner of the data; they are usually the interface for the customer and in that point of view, they should also be aware of how the use of data is interfering with people on a daily basis,” says Keskitalo. “So, it’s the most important part… that they are aware and responsible.”

Staff Training

Finally, there is the tricky issue of just how to tackle the training of staff on cyber security.

According to Pöyry Oyj IT development and architecture director Jukka-Pekka Numminen, the core challenge is to put employee cyber security training together in such a way that it is straightforward enough to grasp and retain.

“And that’s a difficult task for information security people,” notes Numminen. “First of all, they speak security jargon that no one understands and then they tend to categorize everything in multiple classes, where you have a lot of rules and exceptions.” This, he emphasizes is very difficult to fully comprehend, “because you have other things to remember and you have a lot of processes that you have to follow.”

Code of Conduct

Meanwhile, Gemalto Oy Information Security Manager Helvi Salminen touched on whether information security issues might hamper the ongoing development of digital transformation.

“Many security specialists would like to set rules to the digital development, but I think that information security can neither prevent nor hinder,” says Salminen. “If we are fortunate, it can set some code of conduct, some kind of positive rules to make this development in such a way that it’s safe, secure, and usable.”

The interviews were conducted at the 600Minutes Information and Cyber Security, Finland, on May 19, 2016. For more on our upcoming events, visit the Event Calendar» 

The Most Efficient Working Day!

Invited Guests

The most efficient working day. Insights and ideas from the stage and from a network of executives. The best solutions for your business challenges.

Read more »

Solution Providers

Meet executives with investment needs. Bring your solutions and insights to your most potential clients. 11 markets, 20 000 executives, guaranteed meetings.

Read more »

Management Events brings together top-level executives and solution providers, providing high value to both parties. Our concept attracts 20 000 visionary leaders to our events in eleven countries, over 170 times a year. Management Events Surveys provides insights and trends for solution providers and executives, helping them gain deeper understanding of challenges and needs of the largest corporations.

Sorry but your browser screen is too small for this site.