Analysis & Commentary on the Week’s Cyber Security Issues
The “so what” factor feeds and aggregators don’t give you.
To Defend Against Cyber Threats, Expand Your Security Perspective Outside Your “Walls”
Defending your business and customers against cyber threats starts with understanding what you’re up against. That may sound pretty obvious; studying the adversary is a common practice. In sports it’s done all the time. Teams watch hours of game film of their upcoming opponents to understand strengths and weaknesses and devise winning strategies and plays. But when it comes to cyber security, instead of looking outward, we’ve become accustomed to traditional security approaches that start at the perimeter and focus inward. In today’s increasingly connected and digital world we need to expand our perspective to look outside the walls of the enterprise as well. (Security Week)
IoT Attacks Could Bring Real-World Damage
Members of Congress received a dire warning this week about security vulnerabilities in the so-called internet of things (IoT), as cyber experts cautioned that with billions of new devices coming online, coordinated hacking attacks could become — literally — a matter of life and death. House lawmakers convened the hearing on IoT security in response to last month’s distributed denial-of-service attack on the internet addressing provider Dyn, which resulted in temporary outages at popular sites like Twitter and Spotify. (Network World)
Study: 66% of Organizations Won’t Recover After Cyberattack
A recent study performed by IBM’s Resilient and the Ponemon Institute found that 66% of organizations would be unable to recover from a cyberattack. The results of the 2016 Cyber Resilient Organization study show a decline in organizational resilience against cyberattacks. Of the respondents, 32% of IT and security professionals ranked their resilience as high. That same number was 35% in 2015, marking a drop over the past 12 months. A press release announcing the study defined resilience as “an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks.” (Tech Republic)
Cyber Responsibility: The Trickle-Down Effect
There was a time when cyber security was the sole responsibility of IT, but those days are long gone. Today’s executives know better than to presume themselves and their enterprises immune from a cyberattack, which is why staying safe online requires more than an old “do as I say” mentality. A pair of Cisco leaders, CEO John Chambers and SVP and Chief Security and Trust Officer John N. Stewart, place the responsibility squarely on the leadership’s shoulders. “The CEO must make it clear that security is not just an IT problem—it is a priority for the business that is top of mind. Business and technology leadership must work together to discuss potential risks and find solutions that protect intellectual property and financials alike.” (CIO)
Toujours en Avant. I just made this very same argument recently to a room full of CxOs and board members, to varying levels of agreement. You’re never going to convince someone who has had the ‘lead from the front’ mantra drilled into his psyche that there is any other approach, but then in business circles not everyone at echelons-above feels the same way. Regardless of your leadership style, remember one thing: people will focus on whatever they are rated on or compensated for. If cyber security is not something that impacts their personal bottom line, they won’t do it regardless of what you say or do.
Adobe Fined $1M Over Personal Data Leaked in 2013 Data Breach
A data breach that occurred in 2013 has resulted in Adobe Systems being fined $1 million by 15 U.S. states for failing to put the necessary security measures in place to prevent the attack. Almost half a million of the company’s customers were affected in the breach when servers containing their personal data were accessed after a cyber attack. North Carolina and the 14 other states involved in the case have levied such a high fine on Adobe to send the message that companies are indeed responsible for their customers’ data. (IT Pro Portal)
That’ll show ’em! To put things into perspective, Adobe made $1.4 Billion last quarter. There is no shortage of talk about the costs of data breaches rising, but economically speaking doing the least you are required to do – poorly – still makes a lot of sense for the largest enterprises, which ironically are the ones who have the most personal data to lose. To be fair, the time and expense of trying to determine who needed to be alerted probably cost another $1M, but that’s 3-5 cyber security FTEs they didn’t have to hire. What’s the solution? With courts increasingly requiring that “victims” show loss or suffering due to a breach, it’s not clear that there is one.
Back to Basics: Maximizing Cybersecurity Capabilities
Following the 9/11 attacks in 2001, firms around the world turned their attention to enhancing physical security. At the time, many organizations established vast data centers to protect against the loss of company data and to ensure the continuity of business operations. Fast forward to the present day, and innovative information technology solutions are once again contributing to robust risk management programs, specifically around the ability to prevent and combat cyberthreats. But while new defense technologies to obstruct cyberthreats are innovative and often helpful, there are a number of prevention techniques that have existed for many years that remain fundamental components of any modern security program. (Dark Reading)
Your regular reminder of the importance of blocking and tackling.