Module IV · Article I
Cybersecurity for the Non-Technical Executive
Cybersecurity and Risk
Why Cybersecurity Is a Strategic Issue
Average cost of a data breach (IBM 2023): $4.45 million. Beyond direct losses, a breach brings reputational damage, regulatory fines (GDPR), and loss of clients. Major breaches: Equifax (147 million clients, $700 million fine), Sony Pictures (2014, $100 million in losses).
Changing Threat Landscape: attacks are no longer limited to large corporations. Ransomware targets hospitals, small businesses, municipalities.
Key Types of Threats
Phishing: fraudulent emails/messages imitating legitimate organizations. 91% of cyberattacks begin with phishing. Spear phishing — targeted phishing against a specific person.
Ransomware: a malicious program encrypts data and demands a ransom. Colonial Pipeline (2021): $4.4 million in ransom, gasoline panic on the U.S. East Coast.
Social Engineering: manipulating people to gain access. Famous Twitter hack (2020): hackers called employees and convinced them to share passwords.
Insider Threats: threats from employees—deliberate (revenge, data theft) or accidental (errors, phishing).
Supply Chain Attacks: an attack delivered through a trusted vendor. SolarWinds (2020): a monitoring tool was hacked, and through it thousands of clients were infected, including the U.S. government.
Basic Protection Principles
Zero Trust: "Never trust, always verify." Every access request is verified—regardless of the user's location.
Multi-factor Authentication (MFA): even if the password is compromised, a second factor is still required. Microsoft: MFA blocks 99.9% of automated attacks.
Principle of Least Privilege: users have access only to what they need for their work.
Regular Software Updates: 60% of hacks exploit known vulnerabilities for which patches exist.
Practical Assignment
You are the CEO of a mid-size company (200 employees). Yesterday, the managing director received a phishing email and accidentally disclosed their login/password. Develop an incident response plan: (1) First 24 hours. (2) Communication (internal and external). (3) Investigation. (4) Long-term measures.