BreachExchange mailing list archives
3 reasons why your cybersecurity plan needs to be revised
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 18 Feb 2016 19:07:55 -0700
http://www.cio.com/article/3033821/project-management/3-reasons-why-your-cybersecurity-plan-needs-revised.html

I wish I could tell you that if you have a cybersecurity plan then you’re covered. But you are not. Why? Because the hackers and the black hats and the pursuers on the Dark Net and the Dark Web are one or more steps ahead of all of us all the time. If they weren’t, then there would be no security breaches or identity thefts or deadly hacks. With that said, here are three key reasons why your cybersecurity plan is outdated and needs to be revised.

1. If it wasn't created yesterday, then it's outdated.

Everything can be hacked and the best black hats are already two steps ahead of the best prevention plans anyone has. In reality, what we think is cybersecurity is really just reactive cyberdefense against what happened to someone yesterday. We can anticipate what the next hack might be and build software and technology defenses against it, but that’s like trying to anticipate what might kill you tomorrow when in fact you could step in front of a bus accidentally and you probably didn’t plan for that one. You’ll never really be proactive, only reactive.

2. You need to hire a CSO or consultant and have them review and revise it.

You planned security out with the personnel you had in charge at the time and that’s great, but hacker activity is increasing daily and targets are constantly changing. You likely need a chief security officer (CSO) or at least a lead security director or analyst who will guide your organization down a finer tuned path to mitigation and avoidance of cybercriminal activity. Bottom line, you need to spend more time and get more technical expertise on board quickly to do any good in combating the potential for cybercrime affecting your organization -- especially if you have sensitive data or are a larger organization with a potentially large database of customer information.

3. Look at your projects and clients from their side.

You thought about security and cybercrime potential from your side and your potential liabilities. Now stop and look at it from your clients' side. What happens to them if some black hat activity seriously breached their data or puts their multimillion-dollar project with you in jeopardy? What would be the reaction of your very important client base? What would be the sudden drop in revenue you might experience? What costs would they incur and what would your responsibility to them be? Think liability.

Summary / call for input

The bottom line is this, if you weren’t too worried about cybercrime affecting you and the need for cybersecurity in your organization before -- well -- things have changed. This year will be different from last, and not for the better, because cybercrime is only increasing in number of incidents and overall costs year-over-year. According to a CBS.com article accompanying information about their CSI Cyber show (which is one of my personal favorites):

“In 2014, 47 percent of American adults had their personal information stolen by hackers — primarily through data breaches at large companies. In 2013, 43 percent of companies had a data breach in which hackers got into their systems to steal information. Data breaches targeting consumer information are on the rise, increasing 62 percent from 2012 to 2013, with 594 percent more identities stolen. That added up to a staggering total of $18,000,000,000 in credit card fraud for the year.”

Those are harsh numbers -- and they are only getting worse. The question is, what are you or your organization doing about it or what will you do with this info? Do you have a cybercrime or cybersecurity plan in place? Do you have a team and infrastructure? Is it part of your risk planning already or are you in a reactive planning mode only? Please share and discuss.