As ransomware continues to pose a significant threat to enterprises, C-level executives must collaborate and communicate with IT. This episode of the On-Premise IT podcast, brought to you by Commvault and recorded live in New York at their Shift event, features Thomas Bryant of Commvault along with Gina Rosenthal, Eric Wright, and Stephen Foskett. The discussion focused on the crucial need to bridge departmental gaps so IT and executive management can work together. The panel also emphasized the need for openness about risks, lessons from past attacks and the role of government mandates.
Ransomware is increasingly becoming a significant issue demanding the attention of C-level executives. As discussed on the On-Premise IT podcast recorded live at Commvault Shift, tackling cyber risks is not just a technical challenge but also one of leadership and governance. Commvault’s focus on cyber resilience brought to light the crucial role of CEO, CIO, and board involvement in addressing such threats. With government mandates pushing for greater accountability within organizations, the responsibility for cybersecurity now extends far beyond the domain of IT and security teams.
A key aspect highlighted throughout the discussion was the importance of collaboration between different departments within an organization such as security, networking, and IT operations. This cross-functional collaboration is seen as a critical factor in addressing cyber threats effectively. To facilitate such collaboration, the democratization of information flow is needed. Breaking down departmental silos and fostering free-flowing communication can aid in the rapid identification, reporting, and addressing of potential threats.
The shifting paradigm within cybersecurity, from solely focusing on prevention to minimizing damage in case of an attack, also came under discussion. The panel recognized that with the evolution and complexity of cyber threats, a strategy focusing only on prevention may be inadequate in protecting assets. This understanding calls for the regular testing and practicing of incident response plans, critical for building “muscle memory” and reducing potential downtime and lost revenue from cyber attacks.
In discussing the SolarWinds case, where the CISO faced criminal prosecution after a cyberattack, the podcast panel underscored the importance of transparency and honesty in cybersecurity. This precedent sets an example for other organizations, emphasizing that surviving an attack should not be a source of shame but an opportunity to learn and enhance security measures. Government regulations, the resulting fines, and the potential use of monetary incentives to reward good practice were also discussed as drivers of better cybersecurity practices.
Finally, the panel discussed Commvault’s new platform, which marries expert knowledge with proactive measures such as ransomware assessments to help organizations enhance their cybersecurity practices. This approach signifies the industry’s movement away from its “wizards” culture and toward acknowledging vulnerabilities and admitting and addressing challenges. In essence, the cybersecurity landscape is one of shared responsibility, transparency, proactive measures, government backing, and technological advancements.