security

Is Your Head in the Cyber Security Sand?

By |April 9th, 2015|Categories: security|Tags: , , , , , , |Comments Off on Is Your Head in the Cyber Security Sand?

“We started as a relatively small company. Through success and internal growth along with some acquisitions, we are now a medium- sized company using the same policies and processes as when we first started.”

Does this sound familiar?

If so, take solace in knowing that you are not alone, but things have to change. For many companies, growth has outpaced their policies and processes, which can be a risky situation, especially in cyber security.

In information security, due care means “acting responsibly and doing the right things.” While information security is a very complex field, there are certain basic building blocks that must be in place for every company.

Ask yourself:

Do you know your company’s most important assets, where they are located, and how they are protected?
Do your employees understand their role in information security?
Do you understand the major vulnerabilities within your company?
Do you know the major threats and threat agents to your company / industry?
Do you know how your company would respond in the event of a cyber attack?
When the topic of cyber security comes up, most people think about firewalls, intrusion protection/detection systems, and other technical solutions. While these are inevitably part of the solution space, if you are hesitant or unsure of the answers to any of the questions listed above, you could be negligent in providing “due care” for your company.

You probably understand the things that need to be done to make your company secure from an information perspective. Nevertheless, not taking action—even by doing something as small as raising the issue with your leadership—can be construed as not “acting responsibly.” Knowing what to do and actually doing it are two completely different things. There will always be the “hot,” critical project that needs
[ Read More ]

CIOs—Unsung Heroes

By |March 25th, 2015|Categories: security|Tags: , , , , , , , , , |Comments Off on CIOs—Unsung Heroes

In my 35+ years of being a corporate change agent, and now at the helm of my own consultancy, I have worked with all levels of the C-suite, and I have to say the CIO role is by far the most difficult. There are numerous reasons for this, not the least of which is an outdated model of the C-suite itself.

The fact is that most companies still view IT and the CIO role through the narrow lens of providing technology-based services; they have not broadened that view to take into account the stunning changes wrought by digital technology. IT is no longer simply responsible for building, operating, and maintaining infrastructure; it’s responsible for data governance, driving growth through data analytics, cyber security, connectivity and integration. However, since most organizations are peering through the old lens of IT-as-service-provider, they are blind to IT as a revenue-producer. The irony here is that Sales, Marketing, R&D, Finance, and HR—those typically considered revenue-producing—are only able to do what they do because of IT and IT’s ability to stay ahead of the curve.

According to a recent IBM study of 4,100 C-suite executives, only 42% of CIOs were involved in strategy, as opposed to 72% for CFOs and 63% for CMOs. This is puzzling. Since IT touches everything, the CIO has an enterprise-wide vision that would be invaluable in integrating an enterprise-wide strategy. Luckily, the IBM study suggests that this is turning around—the CIO is soon going to be considered one of the C-suite “triumvirate,”: CEO, CIO, CMO.

Another reason the CIO role is more difficult than most is that it bears sole responsibility for ensuring business continuity through critical service level agreements that define uptime, availability and redundancy.
[ Read More ]

Hackers Aren’t Waiting. Why Are You?

By |February 11th, 2015|Categories: security|Tags: , , , |Comments Off on Hackers Aren’t Waiting. Why Are You?

Hackers Aren’t Waiting. Why Are You?

Why is Cyber/Computer Security so far down on your to-do list? If your reasons are any of the following, you might want to reconsider your priorities.

Let’s address each of these points in turn.

They can’t find you.  On a recent episode of 60 Minutes, Dave DeWalt, CEO of cyber security company FireEye, asserted that 97% of all companies are being breached. Ninety-Seven percent. So, unless you truly live off the grid, you have likely had a breach already. The real question is how bad is the damage?

They can’t find your valuables.  These criminals are very sophisticated and have the knowledge, tools and patience to find your sensitive data and exploit it.  Hacking has evolved from the lone geek making mischief to an actual profession and, as Lance Cottrell, Chief Scientist at Ntrepid and expert on security and privacy writes, “In most breaches, it turns out the hacker has been inside the network for months.”

Your valuables aren’t worth it.  Wrong again. They aren’t always interested in your data; often they are interested in your financial partner, investor, supplier and customer. Anything sensitive they can sell or make profit from.

You have other priorities.  You will always have other priorities. But believe me, if the hackers come—and they will—you will have to deal with the fallout and that will become your new priority.  With several methodologies at hackers’ disposal such as viruses, malware, botnets and ransomware, cleaning up the damage will be more involved than you think.

You don’t know where to start. Improving your security begins with having a prioritized list of actions based on risks to your company.  A risk assessment will accomplish that and, at the same time, help you raise
[ Read More ]