Cybersecurity risks increasing a concern for company boards

Companies wising up to security risks but new technologies make the job harder

EY global security leader Kris Lovejoy: ‘With the coming of AI and 5G there is a much bigger attack surface where people who are angry can cause widespread disruption.’

EY global security leader Kris Lovejoy: ‘With the coming of AI and 5G there is a much bigger attack surface where people who are angry can cause widespread disruption.’

 

Company boards have woken up to cybersecurity risks and are paying considerably far more attention to the issue and are actively fighting to stay ahead of potential threats, according to one of the world’s leading security analysts.

However, the general public has become increasingly desensitised to breaches, making it increasingly difficult for organisations to fight new threats associated with new technologies such as artificial intelligence (AI) and the internet of things (IOT), claims Kris Lovejoy.

Speaking to The Irish Times on a recent visit to Dublin, Ms Lovejoy, who was appointed global security leader at consultants EY earlier this year, also said that what constitutes a breach is undergoing revision.

Top concern

Her comments come as a new EY study shows that over half of global chief executives view national and cybersecurity as the top concern threatening business and economic growth.

“A breach isn’t necessarily unauthorised access but unauthorised manipulation of data – that is someone coming in and interfering with the resilience of your system. The problem for most companies is that they can detect unauthorised access but don’t necessarily know what happens next. This means that while they may know about a breach for month they typically don’t disclose because they don’t have to unless they know for sure data has been taken outside of the organisation,” Ms Lovejoy said.

“We’re seeing changes now to reporting of breaches with the recent New York State Shield act for example amending the definition of breach from authorised release of data to unauthorised data so that the mere viewing of information by an outsider had to be disclosed. This is forcing companies to act in a way they wouldn’t have done before,” she added.

Solutions

Ms Lovejoy joined EY in February from BluVector, a company she led that offers AI-powered cybersecurity solutions. Other roles she has had include chief information security officer (CIO) at IBM. She comes from a family of security specialists – her sister Juliane Gallina is CIO for the CIA.

The cybersecurity expert said destructive cyber acts rather than data breaches are on the increase, rising from less than 1 per cent year ago to between 16 per cent and 18 per cent currently.

Ms Lovejoy said it was likely such acts would increase in the coming years as newer technologies become more commonplace.

“With the coming of AI and 5G there is a much bigger attack surface where people who are angry can cause widespread disruption,” said Ms Lovejoy.

“IoT is another risk because a lot of them are built without proper security consideration. It is similar to buying a car without a seatbelt in a lot of instances,” she added.