I frequently get asked this by my boss – a very nice man by the way – because, if I were unable to be held to account, I wouldn’t get my job done. Accountability is a consistent subject in team, management and board-level meetings at ARM, and so it should be.
Just this week I read that there are still 300,000 systems vulnerable to the Heartbleed bug - 300,000! While this number has dropped by half since May, it is still wholly unacceptable, or rather, it represents a lot of people who aren’t holding themselves accountable.
Why is this?
Arguably, Heartbleed is one of the most infamous hacks and the biggest retail hack in US history – for which companies have persistently failed to be held to account. Target had a Bangalore-based team who would monitor the company’s computers around the clock. After the malware was installed, which essentially recorded every credit card used at the company’s c.1,800 US stores, the hackers had to extract the data. At this point the monitoring team, despite an alert from their partner FireEye, allegedly did nothing; an interesting Bloomberg Businessweek video articulates the timeline and lack of accountability.
And what has been the result of this lack of accountability? A total of 90 lawsuits have been filed against Target for negligence and compensatory damages, and the business has spent $61 million up until 1st February 2014 responding to the breach (according to Target’s own 4th Quarter report to investors).
Why am I blogging on this?
I am writing this blog because of a recent meeting that the ARM Cyber Security team held with a third party, who invited us to enter a joint venture with him on a conference. And the theme of this conference? Cyber security accountability.
This event would be for CFOs, CISO/CSOs, CMOs and CTOs, and it would explore the “Golden Hour” after a hack, breach or detection, advising:
- What you should do
- Who is accountable
- What your plan should be
- How you could save your company millions of pounds, plus its reputation and (in all likelihood) your job.
The CEO of Target prior to the hack is no longer the CEO of Target – yeah, we know, shocking isn’t it? So, how are you going to prepare yourself and make sure you have a cyber or hacking strategy? How are you going to be accountable?
If you’d like to register your interest in our joint venture conference on cyber security accountability, contact the ARM Cyber Security team on firstname.lastname@example.org and we will keep you up-to-date with the event details.