The digital sun will never set, which means that digital threats to business and government will only grow in the future, the former secretary of the US Department of Homeland Security said Friday.
Tom Ridge, speaking at the American Institute of CPAs’ CFO Conference in Denver, said two permanent global threats are something the world will have to deal with “perhaps in perpetuity, but certainly for a long time”: the “scourge of terrorism” and the “digital forevermore.”
Ridge was a member of the US House of Representatives, the governor of Pennsylvania, and the first secretary of the US Department of Homeland Security. He now leads Ridge Global Solutions, which specialises in advancing security and economic interests of business and government.
Not long ago, Ridge said, organisations viewed cyber-security as something that could be handled by the IT department. Budgets for cyber-security prevention were scarce and inconsistent. Today, concerns about cyber-security are enterprise-wide.
“Now it’s a major business risk,” he said. “It’s now a C-suite problem.”
And the concern won’t fade as the world grows more connected. According to technology market research firm ABI Research, 40 billion devices are expected to be connected to the internet by 2020.
“The digital sun is never going to set,” Ridge said. “It’s going to get hotter in the years ahead.”
Organisations must be more collaborative when it comes to fighting cyber-threats. In consulting with several large, public companies, Ridge said he was surprised by the lack of communication between the IT department and operations regarding system security.
He also relayed a conversation with the representative of one public company after a recent, successful merger.
“I said, ‘I know you guys did due diligence on the financial side. Did you bring in a third party and do some digital due diligence?’
“He said, ‘No, we didn’t have to do that.’ ”
Ridge called on organisations to be better prepared for the inevitable attempt by outsiders to break into systems. He also said that fighting cyber-attackers encompassed planned responses after a breach.
Among the ways Ridge said organisations could better handle cyber-threats:
- Prioritising the most sensitive or critical data, such as a company’s “crown jewels”.
- Assessing system vulnerabilities.
- Regularly training employees.
- Having contractual agreements with vendors related to their level of digital security.
- Limiting or monitoring vendor access to an organisation’s data.
Taking such steps can help organisations build a “culture of resilience,” Ridge said. He added that threats are coming from all over the world, and he hoped that international co-operation could result in better monitoring but also more consistent punishment of cyber-attackers.
Related CGMA Magazine content:
“Tom Ridge: The Role of Finance in Cybersecurity“: In this CGMA Magazine podcast, Tom Ridge, the former secretary of the US Department of Homeland Security, discusses cybersecurity and cyber-risk management.
“7 Ways CFOs Can Keep Up With Rapid Changes in Technology”: Rapid change in technology has become the biggest source of pressure on company finance and accounting teams.
“CIOs in Global Survey Say Cyber-Security Is Top Priority”: Chief information officers in a global survey say cyber-security is a top priority, and more than half of them say budget constraints hold back IT innovation. While IT spending is on the rise, some IT executives say the IT function remains more of a utility and less of an innovator.
—Neil Amato (namato@aicpa.org) is a CGMA Magazine senior editor.
