Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks

The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency.

What are the new Cybersecurity Stakes – What are vulnerabilities and risks?

We live in a world of algorithms; x’s and o’s. Our digital world is ripe for access and compromise by those who want to do harm from just a laptop and server. A myriad of recent breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable from hackers, phishers, and malware proliferating across all commercial verticals.

In the past year, the employment of ransomware has become a cyber-attack method of choice for hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems, devices and often lack required patching and updating necessary to thwart attacks. The recent WannaCry and Petya attacks were certainly wake-up calls to the disruptive implications of ransomware. We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain.

Board Directors Need to Get Involved With Cyber Risk Governance

Board directors are under a lot of pressure. They know that it’s only a matter of time before their organization suffers a cyber incident, and all eyes will naturally be on the directors themselves to see if they were properly exercising their risk oversight.

Directors also know that all interactions with the CISO will be subject to close scrutiny in the aftermath of a breach. But with the right mix of security education, communication and help from outside experts, executives can fill cyber risk awareness gaps and achieve compliance with a growing number of privacy and risk regulations. Continue reading at SecurityIntelligence.com

A Quick Summary of Recent Trends & Developments That Businesses and Law Firms Should Know

“Nearly 60 percent of small businesses have to close shop after a data breach, which costs, on average, about $32,000 per attack.”

Cybersecurity Spending Soaring:

According to market research firm Gartner, global spending on information security is expected to reach nearly $87 billion in 2017, an increase of around 7 percent over 2016, and is expected to top $113 billion by 2020. Also according to Gartner, by 2020, 40 percent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 percent today.

Situational Awareness: Beware of Your Cyber Surroundings

For all the solutions out there, make sure you are packing the right material for you because you only have a finite amount of resources. This is what it means to be situationally aware. And this exercise also helps you prioritize what data you value most.

In previous articles on understanding big data, the need for AI, using encryption and tokenization (including the drawbacks of encryption), and the series on human vulnerabilities, we laid down just some of the building blocks necessary to create a robust cybersecurity strategy. Yet there is a larger problem we often experience: losing the trees for the forest. All the tips we have mentioned thus far are great, but only if you are situationally aware of your own challenges.

If you have legal or regulatory compliance issues, such as the European Union’s General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA), you have no choice but to follow them. However, neither of us is a big fan of standards and certifications for the simple reason that they rarely meet your specific needs in addition to being a costly undertaking in both time and money. This is why we are fans of frameworks, such as the NIST Cybersecurity Framework (updated in January 2017) for the exact reason that a framework allows you to meet your own needs.

NACD Publishes Five Cybersecurity Principles Every Board Director Needs to Know

“Directors don’t need to be technologists to play an effective role in cyber risk oversight — but every board can take the opportunity to improve the effectiveness of their cyber oversight practices.” — Peter Gleason, NACD President

In January 2017, the National Association of Corporate Directors (NACD) released an updated edition of its “Director’s Handbook on Cyber Risk Oversight.” In light of increasing pressures from regulators and ongoing cyberattacks, board directors have a key role to play to ensure proper oversight of cyber risks for their organizations.

The 2017 edition improves on the 2014 version by clarifying several points for board directors to help them understand the strategic importance of cyber risks and the complexity of threats. It also includes several appendices that both chief information security officers (CISOs) and directors will find useful when preparing for mergers and acquisitions (M&A). The appendices also contain information about metrics and dashboards, and the relationship between boards and CISOs. Continue reading on SecurityIntelligence.com

Grading Global Boards of Directors on Cybersecurity

Despite apparently being way ahead of their contemporaries in the E.U. countries surveyed, US and UK directors and executives clearly have work to do. One cybersecurity executive aptly noted: “Cyber security is ‘no longer a dark art but an everyday business practice that must pervade every level of the organization.’”

On April 1, 2016, NASDAQ, along with Tanium (a leading-edge cybersecurity consultant), released a detailed survey of nonexecutive (independent) directors and C-suite executives in multiple countries (e.g., the US, UK, Japan, Germany, Denmark, and the Nordic countries) concerning cybersecurity accountability. [1] NASDAQ and Tanium wished to obtain answers to three basic questions: (1) how these executives assessed their company’s vulnerabilities to cybersecurity threat vectors; (2) how they evaluated their company’s readiness to address these vulnerabilities; and (3) who within the company was held “accountable” for addressing these cybersecurity vulnerabilities.