[BreachExchange] Yahoo Fallout Underscores the New Reality in Cyber Security
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Mar 3 16:29:19 EST 2017
http://www.foxbusiness.com/features/2017/03/02/yahoo-
fallout-underscores-new-reality-in-cyber-security.html
Yahoo's CEO Marissa Mayer won't be getting certain bonuses, according to a
filing with the SEC on Wednesday, as the fallout from the massive security
breach continues to roil the company. Last month Verizon was able to cut
price tag for the tech-giant by $350 million because of that very same
security breach.
All of that is a reminder cyber security has significantly changed. The
costs are huge. Dollars and cents in a merger or sale of a company pale in
comparison to someone’s identity being stolen when they bought something at
their local store or trusted their data to an insurer.
Today, cyber security requires a new way of thinking. Too many times, in
too many organizations, IT personnel have their hands full just maintaining
the day-to-day operations of a company’s infrastructure, let alone securing
it. I know, because I have been that overworked and under-resourced IT
person.
The thought used to be if you spend a lot of money to build a bigger
fortress, cyber criminals can’t get in, but then Target was hacked. If you
can be breached via an air conditioning vendor, then there is no fortress
big enough to keep cyber criminals out. How can organizations win the fight
against a growing, lucrative, incentive-driven industry that recruits more
cyber hackers every day? Here is a new reality for effective cyber
strategy.
Determine your greatest digital assets. Of course, everyone would say,
every piece of data is the most important piece of data! But it is not.
Take the time to look at what your organization truly values and then judge
the risks. If you assess what is most important, you will be able to make
risk-based cyber security priorities.
Think creatively and segment out your digital assets to make it as hard as
possible for thieves to steal your all your data in one fell swoop, a tool
we employed at the White House. Remove the “low hanging fruit” that
incentivizes those who want to steal your data.
Analyze the enemy. You can’t defend against all levels of threat. They can
range from massive armies of automated bots to organizations that spend a
lot of time and money on sophisticated attacks. Where are your greatest
threats coming from and how are they trying to attack? Are you learning
from incidents suffered by your competitors and peers?
Look alive. Many organizations are breached without even knowing it. The
hackers penetrate deeper than they can even digest in real time. It’s like
carbon monoxide poisoning. Invisible and deadly. Do you have a way to be
alerted if your organization was breached and how? Information is priceless
in the PR battle to mitigate a crisis.
Design a PR cyber incident fire drill. How and when you respond to your
company’s breach may determine the viability of your company’s next move.
Just ask Yahoo! or Target. As the drip, drip, drip of information came out,
they lost confidence internally and externally and it was reflected in the
headlines.
Today, instead of writing a bigger check to build a bigger fortress, design
an adversarial-based approach to protecting your organization. Find them
before they find you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170303/6631b38e/attachment.html>
More information about the BreachExchange
mailing list