ProLink Solutions board member, Phil Harrington, recently spoke on the “Board’s Changing Role in Overseeing Risk” during the Conference Board’s annual Risk Management and Resilience Seminar in New York. Before an audience of senior executives and fellow board members, Harrington focused his remarks on fast-emerging cyber threats. Against such threats, Harrington said that independent directors would well-serve their companies by pressing management on basic “blocking and tackling” questions in relation to a company’s cyber risk profile. He also mentioned that board members need not have deep technical expertise in order to effectively oversee a company’s fundamental cyber risk profile.
Harrington referenced the recent “WannaCry” ransomware that attacked companies around the globe to illustrate his point. Even though the attack itself was malicious, he said companies left themselves unnecessarily exposed through basic failures including lack of timely software path installation, continuing to run unsupported software, and failing to backup critical data. He said that if boards pressed management on even the most basic cyber risk mitigants, they would have likely reduced the probability of a successful WannaCry or similar attack. Harrington gave several other examples, underscoring his belief that the vast majority of successful cyber attacks had root causes that were internal and self-inflicted rather than external and malicious.
In addition to serving on ProLink’s board, Harrington is an independent director at Willow Street Group in Jackson, WY, a senior managing director at Brock Capital Group in New York, and an expert adviser on cyber resiliency to the World Economic Forum.