BreachExchange mailing list archives
5 things your CEO should know about cybersecurity
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 16 Sep 2015 19:22:11 -0600
http://www.cio.com/article/2984380/project-manager/5-things-your-ceo-should-know-about-cybersecurity.html

I’m pretty sure by now that executives in organizations – especially organizations with some sensitive data to secure – are paying at least some cursory attention to cybersecurity and cybercrime. If not, then they need a wake up call and then a swift call to action in order to ensure that they don’t lose grounds and future lawsuits over a cyberattack that could have possibly been avoided or at least mitigated. Consider these five things that your CEO should know about cybercrime and cybersecurity and make them happen sooner rather than later.

1. You can grow security from within.

You don’t have to pay someone a million dollars to oversee your cybersecurity. You likely don’t even need to hire from outside first…you can probably build a knowledgeable and workable group from individuals within your current tech groups. Certification isn’t a must. Education and on the job work is important. It involves networking, research and then incorporating some proactive (and possibly reactive) measures to get started. But start somewhere. And for most organizations, starting from within is good enough and definitely better than nothing. The paralysis of analysis won’t serve you well. Tomorrow may be too late…read on.

2. Don’t wait for tomorrow what you can do today.

As I just said, tomorrow may be too late. We should learn well from others’ mistakes and oversights. In the past year or so there have been a plethora of learning opportunities…just go back and search CNN on hacking and identity theft if your memory isn’t too good or you happened to have not checked the news in over a year. Your CEO would be smart to take action today. And if you are the CEO reading this, know that you’ve been warned daily in the news.
If you doubt how vulnerable your organization is, just attend a security conference like Black Hat or fork out a few thousand dollars to send a couple of individuals to the next digital security conference. Everything can be hacked…don’t let your organization be next.

3. It does take money, not just time.

You have to fund security, not just put someone “on it.” Joe in the cubicle in the next room is a techie, but he’s not your security man, despite what I said above about staffing from within. Joe can help you get started with some research, but you’ll need to spend some money – even if it’s just getting more “Joes.” You don’t have to pay high end to protect your organization…because you’ll never be able to fully protect your organization no matter how much you spend. If someone wants your data bad enough, they can and will get it. But you need to do what you can to protect it. If you’ve shown enough due diligence and still get infiltrated, you’ll likely not lose the lawsuits to come.

4. It should be considered a key element in risk management in every project initiative going forward.

Your organization has projects. And risks. Consider cyber theft and cybersecurity a risk and proactive measure for all projects. Build it into your project management processes and methodology and educate your PMO director and project managers on the importance of risk management and cybersecurity. If you’re not paying much attention to it, then assume they are paying even less to it.

5. Staff a CSO…now.

The time is now for a Chief Security Officer…if your organization is large enough to afford one. And you can contact me first. But seriously, your CEO should be considering a high-level security officer if you don’t already have one. Lots of big box companies were hit last year with credit card number theft, millions of government worker identities were infiltrated, and many marriages and other relationships…and lives…were ruined by recent data breaches.
Wake up call…pay attention to cybercrime and cybersecurity now and spend money now to build your security organization. It may mean the difference between survival and disposal. Don’t be a fool – everything can be hacked. And I believe we are only seeing the tip of a very big iceberg right now.

Summary / call for input

Security and cybercrime are big…right now. Today is the time to act – before your organization has a breach. So many times we fail to act…we are so used to just reacting. Reacting is often too late and you’ve already lost thousands or millions of dollars and possibly future customers and sales and profitability. Lesser organizations go down for the count from cyberattacks and never recover…costing hundreds or thousands of jobs in the process.

What our CEOs need to know is that this is an issue right now. That’s why there are conferences like Black Hat USA, Black Hat Europe, DefCon, and others. There seems to be almost daily feeds on Facebook and CNN about the latest data breaches by attack groups, foreign entities infiltrating USA databases and ransomware acquiring access to very sensitive identity and financial data. The time is now to do something about it and it starts with the education of our CEOs.

What are your thoughts? Are you involved in data security? Are you frustrated by your organization’s lack of interest in cyber crime and cybersecurity? What measures have you taken to make the need more visible?