[BreachExchange] Safeguarding data: Are you really prepared for a cyberattack?

Audrey McNeil audrey at riskbasedsecurity.com
Tue Apr 3 19:05:16 EDT 2018


https://www.bizjournals.com/louisville/news/2018/04/02/safeguarding-data-are-you-really-prepared-for-a.html

“Cybersecurity” has become a buzzword over the last couple of years,
especially with more cybersecurity attacks against large companies or
corporations that are recognizable by name, but have you really taken the
time to sit down and assess your organization’s IT security position?

Many organizations quickly punt the topic of cybersecurity to the IT
department. While IT plays a huge role in cybersecurity, it is the
responsibility of those charged with organization governance to ensure
compliance. Board members and senior leadership should be asking the
questions and confirming that the organization is devoting the proper
resources and attention to cybersecurity.

“One and done” doesn’t work here

It is critical to understand that cybersecurity is not a one-time project.
It is a continual evolution and initiative.

Leadership needs to also recognize there can be substantial costs
associated with cybersecurity activities and for some organizations such as
colleges and universities, they are not optional. Across the public and
private sectors, it is imperative that organizations continue to enhance
cybersecurity in order to meet evolving threats to controlled unclassified
information and challenges to the security of such organizations.

With the ongoing focus on your organization’s bottom line, it might be
tempting to defer projects related to cybersecurity to reduce budgets.
However, doing so could put your organization in a position where you are
not prepared, or even worse, in noncompliance with certain regulations
specific to your industry. Cutting corners on cybersecurity compliance
could wind up costing your business more in the end.

The “I’m covered already” approach

When evaluating your cybersecurity preparedness, there are several factors
to consider. Let’s take a step back - right now, your priority is your
business. You’re buying new technology, investing in new infrastructure and
most likely trying to adapt to changing business models like cloud. It’s
all good work but it takes time and effort.

Hackers desperately want access to your customer data, employee data, or
intellectual property because it’s worth a lot. A single theft could cost
your company severe financial damage. And sometimes, in the case of
ransomware, all they have to do is lock it down and force you to pay to get
it back as you’ve heard about in some of the latest attacks.

Why do you hear terms like “dynamic threat landscape” these days? Because
you aren’t facing a group of hacktivists in a basement anymore – you are
now facing professionals with a lot to gain.

Your business and the threat landscape around you are ever changing.  It is
imperative that your organization conducts an annual cyber risk assessment.
This allows the entire organization to consider current and future risks
and put forth a plan to mitigate the identified risks.

Some businesses will run out and acquire every new solution they hear about
for protecting their organization against cyber risks. While having a
multi-layered approach to cybersecurity is important, it is also equally
important to have an organized approach and to use tools that are designed
to work together. If your solution is not designed properly, you could end up
with what we call the security effectiveness gap. As you add more solutions
that don’t work together, the complexity exponentially increases. So, every
time you add another solution or another vendor, you add another gap –
another vulnerability.

A robust cybersecurity solution will:

1. Stop threats at the edge
2. Protect users where they work (especially when team members are working
remotely or on a personal device)
3. Find and contain problems fast
4. Control who gets on your network and from where
5. Simplify network segmentation
6. Provide comprehensive monitoring and detection

…But I have cyber security insurance

That insurance probably doesn’t cover anywhere near what you think it does.
Should you invest in cybersecurity insurance? That’s a topic for a
different day.

Your business, no matter what size or type, needs to be prepared to handle
a cyberattack at a moment’s notice. It is important to work with
credentialed professionals with cybersecurity expertise and experience to
help you maximize your investment and make sure you have all the
appropriate measures in place to keep hackers at bay.