CEOs must educate themselves on cyber security, says SSH CEO

CEOs must be the "best student in the class" when it comes to protecting a company's cyber security, says SSH Communications Security CEO


Cyber security is becoming more and more a part of everyday business. Yet many C-level executives have very little understanding of what it entails and how it affects their operations. Harri Koponen, CEO of SSH Communications Security, explains how the buck starts with the CEO, and how they can take responsibility for the attitude shift needed to create a cyber secure business.

European CEO: Cyber security is becoming more and more a part of everyday business. Yet many C-level executives have very little understanding of what it entails and how it affects their operations.

With me now to discuss is Harri Koponen, CEO of SSH Communications Security.

Well Harri, let’s start with how much of an issue is cyber-crime worldwide. I’m thinking, who does it affect directly and indirectly, and how much of a knock-on effect economically is it?

Harri Koponen: Yesterday I heard from governmental official saying that of European companies that have been hacked, one third didn’t survive. So there is a significant financial impact: we’re talking billion-dollar businesses here. The effects have also measured in the hundreds of millions, or billions.

The answer is, it affects all of us. We need to be aware that this infinite game is on, and we need to be doing our part, that the criminals don’t kind of get the benefit out of this, and we all are part of this bigger initiative to make this more safe and easier to use. Because right now these systems are kind of designed for techies.

European CEO: What do businesses really need to be aware of though, to protect themselves?

Harri Koponen: First of all they need to be aware that the crooks are already in. Criminals are investigating our systems, and we need to be aware of how to protect the core: the ultimate information that can’t go out, that will harm the company. So it’s kind of focusing on this game between the criminals and the good guys.

European CEO: Are there common mistakes that companies or people make when it comes to this kind of thing? And how can that be avoided?

Harri Koponen: It’s the attitude. It starts from the private individual level: have I protected my personal devices? Do I have my encryptions on? Have I protected my PIN codes and I don’t keep passwords in open places?

It’s a general attitude towards this kind of issue. It’s, ‘How can I help the company and my individual things be more protected and secure?’

European CEO: Cyber criminals are becoming more and more sophisticated, so what sort of tools are in place in terms of cyber-security?

Harri Koponen: I don’t want to talk to the tools per se, but it’s more that there are tools, and there are professional companies who can help. We don’t typically talk about the tools, because it creates a negative effect: people then understand how the tool works.

European CEO: How much responsibility should a CEO take when it comes to this issue, and how can they best educate themselves in this field?

Harri Koponen: The buck starts from the CEO. So, he or she has to talk a more serious role in the whole company. They need to educate themselves a little more about this topic. You can’t say in court, ‘I didn’t know.’ So, they have to take personal responsibility for making sure that the attitude changes in the company. And they have to show first that they have done everything in their power. They have to be a good example, the best student in the class, so to speak.

And the second thing is, they need to make sure that they have asked the right questions, and followed up. So it’s not just one time making a big vision statement and then moving on to the next thing. You need to dig the details. And if you don’t know, go and educate yourself. Go and understand encryption: what it really means. How to protect the cloud. What we mean about the internet of things, or the industrialised internet.

All these kinds of things that are buzzwords, but you should really understand what it means in terms of cyber security for your business.

European CEO: And cyber security can actually be used to enhance a company’s competitiveness. How is this?

Harri Koponen: If you do things in a proactive way, and you make them – if you have a flow of things, if you don’t stop the business flow. If you keep the criminals, these hackers, in isolation. But you protect the information so that business can continue, this is a positive thing.

Proactiveness is a tool. You don’t talk this technical jargon, you just kind of let the business use the best tools, but you protect yourself in an encrypted way, the stuff in the back end: that keeps the business moving.

European CEO: And finally, how do you see cyber security evolving as the business landscape develops?

Harri Koponen: I think the first thing is, we need to make this system easier to use. So that users can actually use the systems without expert knowledge. That’s one thing: make it fun and easy.

The second thing is, how can we really make sure that we are protecting the ultimate core in the right way? That we don’t have to make these systems too cumbersome to use.

Then we need to raise this awareness everywhere: that all people who are involved and do things, it affects all of us. It’s the weakest link that can break the whole chain. And we think, ‘Oh, it’s not bothering me,’ or, ‘Our company is not really under attack.’ We are all under attack all the time. The game is on, all the time. And we need to play the game in a way that protects systems, by professionals.

It’s not about fear. It’s about, ‘Hey: we have a solution.’