On guard against cyberattacks
All organizations are subject to cybersecurity risks. So, if you don't have a cybersecurity plan or cybersecurity business unit, “you should be afraid, be very afraid,” to quote the famous movie line.
Security breaches have an enormous impact. They can result in investment losses, legal costs and an erosion of consumer and investor confidence. Look no further than last year's Target Stores breach to understand how publicized breaches negatively impact an organization's reputation.
In a 2012 report, IBM said companies are attacked an average of 2 million times a week. The report also indicated a 38-percent jump in reported incidents of loss, theft and exposure of personally identifiable information over 2011.
And last February, Risk Based Security reported that more than 822 million records were exposed during data breaches in 2013, nearly double the previous high-water mark. That equates to 2.2 million records a day, or 1,560 per minute.
To build a business case that your organization must address cybersecurity concerns, quantify the threat first. While the data on security breaches continues to be a bit murky, (There's really no incentive for organizations to fully disclose when and what they have lost.), the available data provides a somber view.
The 2013 Cost of Data Breach Study: Global Analysis, released by the Ponemon Institute, reveals that the average cost of a data breach increased from $130 per record to $136. In the same report, the United States has cited an average cost of $188 per record. If that were applied to the Target breach, the cost would have been close to $20.7 million.
The reaction to recent breaches has led the public and investors to call on industries to develop a more proactive approach to cybersecurity risks. Organizations that effectively protect their proprietary data, including customer information, and that can respond effectively to security breaches send a clear message to the public, investors, and regulatory agencies about their attitude toward security, and can reap the rewards through increased consumer engagement.
Every level of an industry, including management, staff, vendors and suppliers, has the responsibility to address and respond to cybersecurity risks. As a business unit, cybersecurity personnel are not only responsible for identifying risks, but also for implementing controls for early detection, investigation and mitigation of cyberthreats, and taking corrective action to prevent further exploitation.
To accomplish this, cybersecurity departments must address these five elements:
1. Improve threat detection through the implementation of risk intelligence and forecasting;
2. Conduct security data management analytics;
3. Employ organizational risk consultants;
4. Develop secure control design and implementation that aligns with business needs; and
5. Implement organizational change through information security awareness and training programs.
Data breaches must serve as wake-up calls for business owners, managers and cybersecurity professionals. If your organization cannot determine whether it has experienced a data breach, if you don't have an effective cybersecurity risk management program, or if you have not positioned the cybersecurity function in your organization as an essential business unit, you're putting your organization at risk.
Larry Snyder is director of the M.S. in Cybersecurity Management program at Bay Path University, which is based in Longmeadow and has a location in Sturbridge. Contact him at snyder@baypath.edu.
WBJ Web Partners
Most Recent
Most Recent
0 Comments