
Do You Know This About Cybersecurity?

Cybersecurity

Cybersecurity is in the news almost weekly. Unfortunately, the number of threats is increasing. The sophistication of the attacks is growing. Individuals, businesses (large and small), and governments are under attack. Here are some basics.

For example, Colonial Pipeline, which carries gasoline, diesel and jet fuel from Texas to New York, was recently hacked in a high-profile ransomware incident. Another case involves SolarWinds. An NPR investigation into that attack revealed "a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives: the routine software update."

WHY should you care? The problem is huge, changing quickly, complex, and expanding. It impacts everyone and every organization. In a 2019 CEO Imperative Study by Ernst & Young, CEOs of the largest 200 global companies rated national and corporate cybersecurity as the number one threat to business growth and the international economy in the next 5 to 10 years.

 

According to McAfee, the global computer security software company, "Annual losses from cybercrime range from $500B to $1T and are projected to rise to $5T by 2024."

 

According to the Federal Bureau of Investigation, "There are 4,000 ransomware attacks every day."

 

According to The Center for Strategic and International Studies, a Washington think tank, and McAfee, "Sixty-four percent of Americans have lost personal data or had fraudulent charges due to cybercrime."

WHAT to do about it? The National Association of Corporate Directors in Cyber-Risk Oversight 2020 recommends five core principles that companies and their directors need to address:

 

Risk. Recognize cybersecurity as a strategic enterprise risk, not just an IT risk.

 

Legal. Understand that cyber risks have legal implications.

 

Expertise. Ensure there is adequate access to cybersecurity expertise and discuss risk management regularly.

 

Framework. Set expectations that management will establish an enterprise-wide, cyber-risk management framework with staffing and budget.

 

Financial Exposure. Identify and quantify the financial exposure for cyber risks and which risks to accept, mitigate, or transfer through insurance coverage and/or specific plans.

TAKE ACTION now as an Individual

 

Use complex passwords. The longer and more complex the better.

 

Update your devices so they have the latest security features and patches.

 

Don't open unsolicited emails and don't click on phishing links or buttons, no matter how realistic they may appear.

 

Back up devices and systems regularly. When was the last time you did a backup of your data? How much data can you afford to lose?

 

Protect your devices and Internet connections. Do you have anti-virus and anti-malware protection on your devices? Are you using two-factor authentication? Do you use a Virtual Private Network (VPN)?

TAKE ACTION now as a Business (from Cyber-Risk Oversight 2020)

 

Do you have an Incident Response Plan? Establish one now.

 

How is personally identifiable information (PII) safeguarded domestically and internationally? What other standards (e.g., HIPAA) must you comply with in your industry and how are you addressing them?

 

Which third parties have access to your systems and what controls are placed on them?

 

How do you manage and control your core security infrastructure? What defenses do your Internet gateways have? Do you use two-factor authentication? Do you allow anything in your network to talk directly to the Internet? How are you protecting and backing up your data?

 

Do you have an insider threat program? Do you employ a data-leak prevention product?

SUMMARY

Cybercrime is a big and growing risk. To protect yourself and your business, consider people, processes, and technology. Address the core principles of risk, legal, expertise, framework, and exposure. Make sure you have the right expertise to provide oversight. Take action now to protect, defend, and deflect.

Theresa M. Szczurek, Ph.D.
C-Level Global Executive, Corporate Director, and Colorado CIO of the Year

Copyright 2021 Theresa Szczurek.  All rights reserved.  
