Published 14. Jun. 2016
Managing Cyber Security, Where Do We Start?
First Things First
Neo Industrial Oyj CIO Ove Fagerlund cited as the main challenge the question of how to take the first small steps to boost the expertise and the business’ awareness around the increasing risk of cyber threats. More specifically, Fagerlund highlights the need to scope out the big picture and assess how that overview matches up with the business environment: “I think the security area is a bit fuzzy, it’s a bit confusing how to get the picture and link it to the business.”
But that’s not the whole story. McDonald’s Oy’s IT manager, Helinä Tapaninen, notes the difficulty of keeping up with cyber security trends in an ever-changing threat landscape, “Today, to be up-to-date with all the cyber and information security subjects is a key challenge. And also then the understanding of what I must do, how much do I want to pay for it, what’s the business value?”
Another hot-button issue up for debate centres on who should assume the main responsibility for cyber security going forward. “Someone in the leadership team, always,” is Tapaninen’s take on this question. “Even the actual responsibility would fall down to IT in the organization, but someone in the leadership team should be clearly responsible for this stuff, because it’s impacting what we do one way or another.”
However, SATO Oy CIO Juha Keskitalo argues that in the longer term we’ll see business owners themselves stepping up to the plate. “In the future, I think it’s the business, the owner of the data; they are usually the interface for the customer and in that point of view, they should also be aware of how the use of data is interfering with people on a daily basis,” says Keskitalo. “So, it’s the most important part… that they are aware and responsible.”
Finally, there is the tricky issue of just how to tackle the training of staff on cyber security.
According to Pöyry Oyj IT development and architecture director Jukka-Pekka Numminen, the core challenge is to put employee cyber security training together in such a way that it is straightforward enough to grasp and retain.
“And that’s a difficult task for information security people,” notes Numminen. “First of all, they speak security jargon that no one understands and then they tend to categorize everything in multiple classes, where you have a lot of rules and exceptions.” This, he emphasizes, is very difficult to fully comprehend, “because you have other things to remember and you have a lot of processes that you have to follow.”
Code of Conduct
Meanwhile, Gemalto Oy Information Security Manager Helvi Salminen touched on whether information security issues might hamper the ongoing development of digital transformation.
“Many security specialists would like to set rules to the digital development, but I think that information security can neither prevent nor hinder,” says Salminen. “If we are fortunate, it can set some code of conduct, some kind of positive rules to make this development in such a way that it’s safe, secure, and usable.”
The interviews were conducted at the 600Minutes Information and Cyber Security, Finland, on May 19, 2016.