Bites

2019-09-17T19:04:15-04:00

For the busy executive who doesn’t have time to read lengthy articles but wants to stay on top of cybersecurity strategies and thought leadership, Family-Driven Awareness Inc. proudly introduces our easily digestible bites of cybersecurity knowledge. If you like what you see, please keep checking for new updates.

PIPEDA and You

And so it begins. Effective November 1st in Canada, breach readiness takes on a whole new meaning. New regulations regarding mandatory notification, reporting and record keeping of privacy breaches under Canada’s federal data protection law, the Personal Information Protection and Electronic Documents Act (PIPEDA), come into effect. In addition to details on record keeping in relation to breaches, the new regulations will detail:

  • What breaches require notification
  • Who needs to be notified of the breach
  • When notification needs to happen
  • How the notification needs to be delivered

These changes will present new risks, costs, and challenges for organizations, including incident response, compliance, legal risk management, and additional liability and regulatory exposures. Are you ready?

Categories: Cybersecurity, Tips

Hackers Don’t Hack Tech Anymore

Ten years ago, the bulk of cybersecurity attacks focused on defeating cyber infrastructure like firewalls, routers and anti-virus software. But over the last decade, the target of attacks shifted. People turned out to be more vulnerable than hardware or software. Every employee, from the CEO to a new hire, is vulnerable to attacks, and attackers have gotten clever, targeting and tailoring their scams to specific people. Phishing emails are filled with personal information that scammers skim from the internet about their targets. To add to this problem, we all tend to leave a lot of publicly available information out there for scammers to use against us. When building a cybersecurity strategy, no matter how big or small, no matter how simple or complicated, every organization must have a plan to deal with the human factor. What is your plan?

Categories: Cybersecurity, Tips

AI and You

A joint survey from BCG and MIT’s Sloan Management Review found that leaders in most industries believe AI technology will have a significant impact during the next five years. But is AI right for your organization? Amara’s law states that “we tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.” Leaders face the twin challenge of deciding if an investment in AI can create value in the near term while figuring out how to adapt their organizations for a world in which AI is everywhere. If you are considering AI for your organization, you may want to ask yourself the following questions:

  1. What business problem am I trying to solve?
  2. Will AI help increase revenue, decrease cost, or mitigate risk?
  3. Why do I need AI to solve this problem?

The prospect of AI is an intriguing one, but you need to focus on the outcomes delivered and not the technology used to achieve them. Will you gain a margin of improvement that makes the cost of AI worthwhile? Figure out a test to evaluate the size of the margin. Run it on paper and again in a proof-of-concept project. Make sure AI earns its premium.

Categories: Cybersecurity

Estimating the Costs of a Breach

The cost of a data breach can be difficult to estimate, but it is far from impossible. If you take into consideration the corporate context (both internal and external factors), the nature and number of records involved in the leak, and the ability to promptly detect incidents, and you leave room for an acceptable level of uncertainty, cost estimates can be highly similar to a real case. Here are four areas to consider when calculating the cost of a data breach.

  1. Contextual Factors: Location, Industry and Data Types Drive Breach Costs
  2. Public Relations: Effective Outreach Can Reduce Data Breach Fallout
  3. Response Time: Slow Time-to-Detect Periods Increase Breach Costs
  4. Unknown Factors: Even the Best Laid Security Strategy Can Fail

Categories: Cybersecurity, Tips

Breach Fatigue

Do your employees have breach fatigue? Big breaches make the headlines, so when the average employee comes across regular news of large organizations suffering a data breach, they often struggle to believe that they themselves can help defend against such an attack. Place this alongside NIST’s findings that employees often question why somebody in a perceived non-sensitive position would even be targeted, and there is a big concern. As a result, not only are users receiving a high number of security notifications, they also fail to see the relevance of these messages to themselves. Many end users aren’t aware that most attacks are automated and that, ultimately, we’re all targets, regardless of our position or sector. Encouraging a proactive and security-minded culture is important in helping fight this stigma and in demonstrating that cybersecurity isn’t “just a tech problem”; it’s the responsibility of all users. Educating the workforce to take ownership of protecting their data, as well as on the importance of knowing the threats that face all of us, can replace the mindset of online security being just another email.

Categories: Cybersecurity

Cyber Resilience and You!

Cyber resilience strongly depends on access to real-time threat identification and analysis. Understanding the specific nature of a threat allows organizations to identify and address vulnerabilities in business operations. To ensure your systems and staff are up to date on the tactics and methods cyber criminals use, you need access to reliable, relevant intelligence. The top threats to watch include risks to confidentiality, integrity, and availability of stored data.

Categories: Cybersecurity

Cybersecurity Readiness

Nearly 75% of organizations in 5 countries fail in cyber security readiness, according to a study commissioned by specialist insurer Hiscox. Depending on your roles and responsibilities, this may bring up a few good questions.

  1. Would my organization fall into that 75%?
  2. What would the cost of a data breach be to my business, and what is the likelihood of an attack?
  3. What is my incident response plan?

Categories: Cybersecurity, Tips

Who Would Come After Us?

“We don’t have the same risks as the big guys, who would come after us?” Even in this day and age, I still hear that way too often. If you have data, then you have cyber risk. However, so many people I talk to remain in denial about cyber exposure. Hackers don’t care what size your business is, and they have a growing bag of tricks that will allow their cybercrimes to interfere with or completely destroy your business, including ransomware attacks, impersonation schemes to effect wire transfer frauds, and theft of inside information. Cybersecurity is something we all need to take seriously regardless of our size.

Categories: Cybersecurity

Things Are About To Get More Expensive

GDPR is about to make your breach even more expensive! Security breaches are already costly, not just financially, but in terms of brand damage, customer dissatisfaction and downtime. For companies that do business with residents of the European Union (EU), the financial fallout from a security breach is about to get much more expensive. That’s why it’s imperative for organizations to get ready for GDPR now, so they’re not playing catch-up.

What is the GDPR? With the introduction of the General Data Protection Regulation (GDPR), the EU is enacting a set of mandatory regulations for businesses that goes into effect soon, on May 25, 2018. Organizations found in non-compliance could face hefty penalties of up to 20 million euros, or 4 percent of worldwide annual turnover, whichever is higher.

So how do companies ensure their systems and their customers’ data are protected when the GDPR takes effect? As with most security recommendations, it’s about having a battle plan in place well beforehand. Are you doing business with residents of the EU? If so, do you have a battle plan? Let’s talk about it.

Categories: Cybersecurity, News
