Bill Archer, Managing Director of eir Business, looks at what CEOs should prioritise as they plan their cyber-security activities in 2018 and beyond.
What is your own feeling when you hear of well-known organisations continuing to be compromised by cyber-attackers?
I find it very concerning: the persistence of the cyber-criminal community, of the organisations and individuals, is unrelenting. In their own way, they’re innovative, because they continue to find ways in, and the scale of the impact and disruption they cause is increasing exponentially. It’s disconcerting to hear they have found yet another vulnerability, and you tend to wonder: was that vulnerability something that could have been prevented?
Do you see eir Business customers discussing these attacks, also?
Cyber-security is absolutely a topic that is foremost on our customers’ minds. These attacks make headlines and the degree of impact has gone from narrow to extremely debilitating. Organisations in the public and private sector, whatever their business, are concerned they will be the next target. And that’s a result of how the economy functions now: through connectivity, and the use of communication networks. Organisations use networks to bring together members of a business process or an economic value chain. When networks like these are targeted, every organisation is wondering if they are next.
You previously wrote about how cyber-security has to be a CEO issue. Do you see it becoming so?
Yes. The risks are so great, and the attacks have been so widely reported, that it’s impossible for boards not to be sensitive to the potential impact on their organisations of an attack. The attacks we’ve all heard about cut across every industry, every type of business, public and private sector; no entity is immune. And with government oversight ramping up, including regulations like GDPR, awareness in the boardroom has absolutely increased. But cyber-security is a sophisticated and multilevel topic: it involves technologies, business processes, people, and a significant competency and training element. Taking control of cyber-security is a tall order, and I think that’s what senior management teams are grappling with now. How can they set up their plan, put the right management model in place, ensure the appropriate level of investment is there? Getting a handle on all those issues, in the right sequence, is a big task.
Where does eir business get involved in those conversations with customers?
Increasingly we are engaging in the dialogue on an ongoing basis, within the natural cycle of our relationships with customers. Our customers’ dependency on their networks and networked systems will only grow. There is no beginning or end to the challenge of securing your business environment, to ensuring that only appropriate use is made of your networks. Cyber-security has become one of the most fundamental elements of our customers’ businesses. What we’re doing is developing our capability so that we can help with all aspects of this never-ending process: including helping customers identify vulnerabilities; isolating and addressing areas that can be used for incursion; and helping them manage the entirety of their network-oriented security environment on an ongoing basis. We’ve enhanced both our internal organic capability at eir Business, investing in our network and product portfolio of security services, but also we’ve engaged highly focused security partners who we bring in, and who have the contemporary capabilities our customers need in key areas. We see a lot of value in having partners that bring in these capabilities to complement our own network and security portfolio.
Looking forward to 2018 and 2019, do you see eir Business customers focusing on improving their own internal skills, or on finding partners who can address security with them?
It’s a little bit of both: given the serious nature of this issue, and the need to ensure adequate protection, companies do need an internal competence. But it’s more economical and more likely to produce better results if they rely on the more extensive capabilities in the market to help them address particular needs. eir Business is one of those partners, and we’re glad to help our customers address what is and will continue to be the multi-layered challenge of cyber-security.