Thomas Kennedy, chairman and CEO of Raytheon, urged fellow executives at a forum last week to review their companies’ cybersecurity strategy as threats become more sophisticated and cybersecurity becomes more than just an information technology concern.
The company said Sept. 17 Kennedy told his audience at Northeastern University’s CEO Breakfast Forum that corporate leaders can focus on six areas to guide their strategy reviews.
According to Kennedy, CEOs should look into the company’s risk management measures and the National Institute of Standards and Technology‘s five-step approach to identify and fix vulnerabilities, monitor for intrusions, and address intrusions with a response and data recovery plan.
He also recommended that the review include the commitment or engagement of employees in the cybersecurity efforts, their awareness and training in cyber measures, as well as the security of acquired companies.
“You should be including cybersecurity in your due diligence — looking at networks, asking how they monitor the systems, asking if they’ve been breached [and] asking if their IP has been stolen,” Kennedy said.
He added that CEOs should also consider storage of Internet traffic data to support a reverse-engineering or forensic approach to address breaches, and the use of encryption to protect corporate data.