Once upon a time, not that long ago, only the largest corporations had to consider the rare possibility of a hacking attempt. The news stories were few and far in between. The companies were huge. SME (Small and Medium Enterprise) carried on with the reassuring thought that this wasn’t relevant to them, that it couldn’t possibly happen to them, and that they were too small to fail.
Now, cyber risk is like its own pandemic. Its effects are felt in every country. It regularly affects those once thought too big to fail. Its possibility gnaws at the back of the brains of those in charge of SMEs. Whether they are aware of it or not, whether they believe it or not, cyber risk now directly or indirectly affects all people everywhere.
Their utility companies ward off a multitude of attack attempts weekly. Their postsecondary schools receive attacks. Other infrastructure like hospitals and airports are regularly fighting off attacks. These are attacks in their provinces and country. Other attacks are on companies that they regularly patronize like Walmart in person or Amazon online.
We hear of some attacks. Some are reported in the news media. Just as many attacks never make it to the news because they go unreported. The companies or organizations might choose not to report a successful attack because they might not want what they perceive to be bad press. This isn’t the best choice.
The good news is that many of us in governance and leadership are all too aware of how monumental and far reaching this crisis is. We know that attacks, whether successful or unsuccessful, need to be brought out into the light and closely examined. We are sharing with each other. We are learning from each other. We’re understanding that communication and staying up to date with developments are ways to fight back. We are attending learning sessions of various scope.
Last week, I had the honor and pleasure of learning from one of the great cyber security minds in Canada during an event that I co-organized through the Saskatchewan chapter of the Institute of Corporate Directors. This was one of the best attended online events that Sask ICD had created. I was encouraged by the high number of attendees. It signalled to me that board members from organizations of all sizes and shapes are seeing the importance of awareness and staying current. Together, we listened. We asked questions. We got together in breakout rooms and shared with and learned from each other’s perspectives and experiences.
There is strength in numbers. Knowledge is power. Board members need to get together and learn from experts and each other. They need to share with each other. Together in governance and leadership, we can best learn how to best cope with cyber risk so we become cyber resilient.