Russia’s invasion of Ukraine, and subsequent sanctions from the Western world in response, have sparked corporate concern over cybersecurity threats. And for good reason.
Hackers, presumed to be Russian, shut down more than 70 Ukrainian government sites in January, and other government and corporate entities could be next.
In 2021 alone, major hacks linked to Russia targeted some of the largest companies in the world, including Microsoft, Facebook, and Kroger. JBS, the world’s largest meat producer, was forced to shut down all of its U.S. plants after an attack on its computer networks in May. A major cyberattack also forced the shutdown of one of America’s largest fuel pipelines in 2021. Such breaches cost companies an average of $4.24 million per incident, according to an IBM report, and can lead to trillions of dollars in total losses.
As Russia wages a digital war, the Department of Homeland Security has warned boards to be extra cautious. Modern Board spoke with cybersecurity practitioners for guidance on managing cybersecurity risks. Here’s what they said:
Move fast and create action plans
If boards are not already aware of the need to monitor and manage cybersecurity risk, they must swiftly jump into action. Continuous monitoring and cybersecurity vigilance should not solely be tasked to chief information officers and IT leads.
“Boards need to get involved immediately to ensure that company leadership is laser-focused on cybersecurity,” says Jacob Olcott, VP of government affairs at cyber-risk ratings firm BitSight. “CEOs need to review incident response plans with executive leadership and security teams, and be ready to put those plans into action.”
Employ identity verification
The proliferation of remote and hybrid work means that employees and third parties are able to access everything from anywhere, says Fran Rosch, CEO of ForgeRock, a cybersecurity software company. “You need the ability to distinguish real users from bad actors.”
Employers should mandate strong passwords, multifactor authentication, and increased cybersecurity training, as well as enhance the sensitivity of monitoring systems. Rosch adds that help desks will likely soon be bombarded by imposters trying to steal customer information or access employee accounts.
Be wary of brute force attacks
Robert Blumofe, EVP and chief technology officer of Akamai Technologies, says companies should be prepared for “brute force” attacks, which is when hackers submit millions of passwords in an attempt to infiltrate systems.
“Implementing DDoS [distributed denial-of-service] protections or a web application firewall on critical internet-facing applications can be done quickly and provides a good defense,” Blumofe says. If these are already in place, Blumofe suggests revising protocols for attack response and data migration in the event that digital evacuation becomes necessary.
Additional protections include multifactor authentication, Zero Trust access, and micro-segmentation. Although they take longer to implement, they provide significantly stronger protection against attacks because they minimize vulnerabilities.
Get non-tech leaders on board
Employees can be loose with their passwords, fall for phishing scams, or make human errors that compromise cybersecurity and lead to accidental exposure of a company’s data.
While leaders can lean on their IT department and technology partners, they must ensure that cybersecurity is an organizational responsibility and train all employees on how they contribute to the organization’s digital security.
“Any part of your organization that is exposed to the internet can become an entry point for a cyberattack,” Blumofe says. “Be prepared for what you will do if technology goes down—emergency methods of communication, scenario planning for core business operations, and so on.”
P.S. Please take the Modern Board reader survey: We’d love to know your thoughts on this newsletter! If you’re able, we would greatly appreciate your feedback in this two-minute survey to help us better serve our readers.
Aman Kidwai
aman.kidwai@fortune.com
Headlines
Shareholders talk Schultz. Howard Schultz is returning to Starbucks for a third stint as CEO. He is widely credited for the growth of the company into a global mega-brand, but it is in a much different situation these days, thanks to unionization efforts. On Tuesday, a group of 73 shareholders urged the coffee chain to change its approach, arguing in a letter that the company risks its reputation by opposing the union. Restaurant Dive
Corporate naughty list. Yale professor Jeffrey Sonnenfeld and researchers have compiled a list of companies’ actions in Russia, grouping them into four categories: withdrawal, suspension, scaling back, digging in. The negative publicity combined with public pressure has prompted some companies to change their stance on Russian dealings. Washington Post
Bank loan bias. Black applicants were far less likely to be approved for loan refinancing in 2020 than white applicants, according to an analysis of Home Mortgage Disclosure Act data. Wells Fargo had the widest gap, approving 72% of white applicants and just 47% of Black applicants. JPMorgan, Bank of America, and Rocket Mortgage all had gaps of between 9% and 12%. Bloomberg
Boards choose new tech. Investments in emerging technology are no longer solely made by tech leaders; 53% of surveyed organizations say their boards of directors are among those who decide on emerging technology investments, just behind CIOs and CTOs. Companies are spending the most on 5G, IoT, and edge technologies, according to the survey. Gartner
Departing Netflix. A former Netflix engineer explains how rigid career pathing and decreased creative freedom led to his eventual departure from a high-paying engineering job at the streaming platform. His story sheds light on why people with seemingly desirable jobs are joining the Great Resignation, and the importance of acknowledging employees’ career goals. Medium
A new Downtown, USA. Downtown neighborhoods in American cities are due for a makeover after being dominated by office buildings for decades. But if cities want to revive their downtown districts, they’ll have to adapt to the era of hybrid work and develop multifunctional spaces that provide facilities for convening and collaboration, while freeing up real estate for other needs like housing and public spaces. Atlantic
Board movement. Elon Musk is leaving the board of mega–talent agency Endeavor. Former CITGO vice president Bob Kent is joining the company’s board. Verint has appointed Kristen Robinson, chief people officer at Splunk, to its board. David Sagehord, former CFO of Oshkosh Corp., is joining the board of agricultural manufacturer AGCO. Management consultancy Huron has added Peter Markell, former CFO at Mass General Brigham, to its board. GlaxoSmithKline has announced the first members of the board for its spinoff company Haleon. Ryerson Holding Corp. has added its CEO, Eddie Lehner, to the board. In anticipation of its merger with AT&T, Discovery has named a set of new board members, with six coming from its company and seven coming from AT&T, as outlined in their initial merger proposal.
Numbers That Matter
55%
More than half of companies in a survey by HireVue reported that they had higher turnover in 2021 than 2020. About 68% reported that it takes more than three weeks on average to fill vacant roles.
This is the web version of The Modern Board, a newsletter focusing on mastering the new rules of corporate leadership. Sign up to get it delivered free to your inbox.
