BreachExchange mailing list archives

3 reasons why your cybersecurity plan needs to be revised


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 18 Feb 2016 19:07:55 -0700

http://www.cio.com/article/3033821/project-management/3-reasons-why-your-cybersecurity-plan-needs-revised.html

I wish I could tell you that if you have a cybersecurity plan then you’re
covered.  But you are not.  Why?  Because the hackers and the black hats
and the pursuers on the Dark Net and the Dark Web are one or more steps
ahead of all of us all the time.  If they weren’t, then there would be no
security breaches or identity thefts or deadly hacks.

With that said, here are three key reasons why your cybersecurity plan is
outdated and needs to be revised.

1. If it wasn't created yesterday, then it's outdated.  Everything can be
hacked and the best black hats are already two steps ahead of the best
prevention plans anyone has.  In reality, what we think is cybersecurity is
really just reactive cyberdefense against what happened to someone
yesterday.  We can anticipate what the next hack might be and build
software and technology defenses against it, but that’s like trying to
anticipate what might kill you tomorrow when in fact you could step in
front of a bus accidentally and you probably didn’t plan for that one.
You’ll never really be proactive, only reactive.

2. You need to hire a CSO or consultant and have them review and revise
it.  You planned security out with the personnel you had in charge at the
time and that’s great, but hacker activity is increasing daily and targets
are constantly changing. You likely need a chief security officer (CSO) or
at least a lead security director or analyst who will guide your
organization down a finer-tuned path to mitigation and avoidance of
cybercriminal activity.  Bottom line, you need to spend more time and get
more technical expertise on board quickly to do any good in combating the
potential for cybercrime affecting your organization -- especially if you
have sensitive data or are a larger organization with a potentially large
database of customer information.

3. Look at your projects and clients from their side.  You thought about
security and cybercrime potential from your side and your potential
liabilities.  Now stop and look at it from your clients' side.  What
happens to them if some black hat activity seriously breached their data or
put their multimillion-dollar project with you in jeopardy? What would be
the reaction of your very important client base? What would be the sudden
drop in revenue you might experience? What costs would they incur and what
would your responsibility to them be? Think liability.

Summary / call for input

The bottom line is this: if you weren’t too worried about cybercrime
affecting you and the need for cybersecurity in your organization before --
well -- things have changed.  This year will be different from last, and
not for the better, because cybercrime is only increasing in number of
incidents and overall costs year-over-year.  According to a CBS.com article
accompanying information about their CSI Cyber show (which is one of my
personal favorites):

“In 2014, 47 percent of American adults had their personal information
stolen by hackers — primarily through data breaches at large companies. In
2013, 43 percent of companies had a data breach in which hackers got into
their systems to steal information. Data breaches targeting consumer
information are on the rise, increasing 62 percent from 2012 to 2013, with
594 percent more identities stolen. That added up to a staggering total of
$18,000,000,000 in credit card fraud for the year.”

Those are harsh numbers -- and they are only getting worse.  The question
is, what are you or your organization doing about it or what will you do
with this info?  Do you have a cybercrime or cybersecurity plan in place?
Do you have a team and infrastructure?  Is it part of your risk planning
already or are you in a reactive planning mode only?  Please share and
discuss.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
