For the busy executive that doesn’t have time to read lengthy articles but wants to stay on top of Cybersecurity strategies and thought leadership, Family-Driven Awareness Inc. proudly introduces our easily digestible bites of Cybersecurity knowledge. If you like what you see, please keep checking for new updates.
Worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021, according to the Cybersecurity Market Report published by Cybersecurity Ventures. All of that spending means there are a lot of jobs that will be available in the cybersecurity industry. However, not a lot of people are considering cybersecurity as a career. ISACA, a non-profit information security advocacy group, predicts there will be a global shortage of two million cyber security professionals by 2019. And for every ten cyber security job ads that appear on careers site Indeed, only seven people even click on one of the ads, let alone apply. If you are looking for an industry where you will never run out of work, never be bored and get to help people protect themselves against bad guys, then please consider a career in cyber security!
I have been asked recently how to approach business leaders about cybersecurity when they don’t follow the breach headlines, and it’s true that not all executives follow these stories. Keeping your executives up to date on breach headlines is a great way to make security top of mind. Just as you would start locking your car doors in your driveway if your neighbours’ cars were getting broken into, your business leaders may start thinking differently about cybersecurity if they are made aware of what is happening in their industry. However, even better than simply making them aware of the headlines, security teams should consider helping executives connect the dots between what happened to the company that got breached, what might happen to us, and what we can do to stop it. Giving senior executives examples of the personal brand damage that can come as a result of a data breach is also an effective strategy for engaging them with cybersecurity, as is highlighting the threat to executive jobs. As we’ve seen from the fall-out of recent major data breaches, security is everyone’s responsibility. In the end, employees at all levels need to buy into this idea.
When it comes to protecting our data, sometimes we may drop our guard while traveling.
To help keep you on track, here are two simple tips to remember.
- Don’t leave your travel receipts and itineraries in the seat back on the airplane or in a cab. Take them home and shred them. The barcodes on them contain an enormous amount of personally identifiable information.
- Always be cautious of those USB charging stations that you see throughout airports. A USB connection can pass both power and data, and it’s easy for a scammer to manipulate that charging station or even just leave a cord that contains malware. When I need to charge one of my devices and I’m at an airport, or anywhere in public, I always prefer to plug into an old-fashioned electrical wall outlet instead of a USB charging station.
The best way to develop cybersecurity awareness habits is to first understand that you are, in fact, a target for cybercriminals. For the most part, as a society, we seem to understand that the impacts associated with a cyber breach are pretty bad. I find that we just don’t seem to believe the probability. No one seems to think it will happen to them.
Understand that, if you have data, then you do have cyber risk. If you truly believe and understand you and your data are at risk, then you are already well on your way to becoming cybersecurity aware.
9 billion credentials have been stolen since 2013. These credentials are then being sold on the Dark Web for as little as $3, thus giving those that are willing to pay remote access to your corporate devices. This may bring to mind four questions.
- How do I find out if my corporation’s credentials are being sold on the dark web?
- How do I monitor the Dark Web to not only find out about compromised data, but catch and respond to threats?
- How do I create effective policies and procedures to minimize risk?
- How do I detect patterns before they turn into trends, using the intelligence to keep my organization protected?
During the time of a crisis or emergency, what is the one thing everyone wishes they had more of? Time. In a crisis caused by a cyber security breach you will have information from multiple sources, often incomplete or of uncertain accuracy, that must be factored into decision-making under tight deadlines. There will be pressure from internal and external entities ranging from customers to employees, from shareholders to business partners to regulators, and from the media. There will be competing demands to stop the loss of data, mitigate the effects of the breach, identify the perpetrator, resume normal operations, lock down the systems, analyze the problem, quickly communicate internally and with regulators, and make public statements right now. So how do you get more time? By developing an incident response plan that addresses every aspect of a breach and your response, and of course practicing it.
Leaders within organizations need to help their employees understand why being aware is so important. And the best way to do this is by making your message specific to your audience. When encouraging employees to follow best cybersecurity practices, don’t tell them it will help keep the company secure; rather, tell them how good cybersecurity hygiene will help protect them and their families. I find that a person’s willingness to learn about any topic will greatly increase if they understand how the lesson will benefit them personally.
According to Carbon Black, 70% of all attacks attempt some kind of lateral movement, indicating that an attack in one part of your business will most likely affect another. This means that if you feel you have an employee who is not important enough to be trained on cybersecurity awareness, think again!
If you don’t have a cybersecurity background but want to have a discussion with those who do, the U.K. National Cyber Security Centre details five questions board members should ask their organization’s chief information security officers about cybersecurity preparedness:
1. How do we defend the organization against phishing attacks?
2. How does the organization control the use of privileged IT accounts?
3. How do we ensure that the organization’s software and devices are up to date?
4. How do we make sure partners and suppliers protect information the organization shares with them?
5. What authentication methods are used to control access to systems and data?
Take some time to check out the center’s site for some great information, which includes potential answers you’d receive to these questions.
No. 1: Secure Your Operations. This includes, but is not limited to: assemble a team of experts; secure physical areas; stop additional data loss; remove improperly posted information; interview people who discovered the breach; do not destroy any forensic evidence.
No. 2: Fix Vulnerabilities. It’s necessary to have a long-term plan when it comes to preventing another data crisis. Take a look at all areas of your business and determine where there are vulnerabilities that could lead to further breaches. This includes, but is not limited to: think about service providers; check your network segmentation; work with your forensic experts; have a communications plan.
No. 3: Notify Appropriate Parties. Following a data breach, it’s imperative that your company maintains good communication with the constituents whose information may have been compromised, as well as appropriate outside groups and law enforcement. Know which parties you are responsible for communicating with and the laws surrounding these notifications. This includes, but is not limited to: determine your legal requirements; notify law enforcement; determine if the breach involved electronic health information; notify affected businesses; notify individuals.