If you haven't gotten serious yet about preparing your organization for a cyber attack, now's the time. A recent survey from Juniper suggests that cybercrime may cost businesses more than $2 trillion in the next five years, citing the increasing professionalism of cybercrime. We've rounded up some articles this week that provide some insight on what's happening in cyber security and how you might prepare to respond to attacks. Talk with your team about policies and procedures you might put in place to protect your assets.
The best way to demonstrate the need for cyber security policies and procedures is to perform a Cyber Security audit and implement the resulting recommendations.
It is absolutely critical to understand what kind of data a company collects, how the company uses, stores, shares, processes, protects, and disposes of information, and how to develop and evaluate a plan to respond to attacks that target these data.
This white paper provides essential insights for management to get the basics of cyber security right.
Organizations need to accept that an attack is not only possible but likely, and that requires a mind-set shift.
It seems buying insurance against the financial consequences of cyberterrorism from Lloyds of London, the world's oldest insurance market, is easier and more palatable than tackling the underlying problem.
This cybersecurity controls checklist could be helpful in determining how prepared you are to meet the threat of cybercrime.
As always, I look forward to hearing about your concerns with regard to business continuity. If there are any topics that you'd like to see covered, email me at
Bob Mellinger, President
1. The Importance of Cyber Security within Your Organization
You know that Cyber Security is an important Business Continuity Planning (BCP)/COOP issue, but like everything else in the BCP/COOP world, unless you get buy-in across the board, Cyber Security policies and procedures will be ignored. So the purpose of this article is to prepare you to articulate the importance of Cyber Security, to gain allies to implement procedures, and to justify the value of a Cyber Security Audit.
2. Cybersecurity and Privacy Diligence: Incident Response and Business Continuity Planning
What the events of 2014 -- including the hack of Sony Pictures -- proved to corporate America is that there are no fool-proof methods for detecting and preventing a devastating cyber-attack. As FBI Director James Comey eloquently put it, "There are two kinds of big companies in the United States. There are those who've been hacked... and those who don't know they've been hacked."
3. Cyber security: it's not just about technology
The management of any organization faces the task of ensuring that its organization understands the risks and sets the right priorities. This is no easy task in light of the technical jargon involved and the pace of change. Focusing on technology alone to address these issues is not enough. Effectively managing cyber risk means putting in place the right governance and the right supporting processes, along with the right enabling technology. This complexity, however, cannot be an excuse for company management to divest responsibility to technical "experts."
4. Cyber security breaches: hiding in plain sight
In a world of constantly emerging threats, security is a tough job, but the concepts of best practice have been devised for a reason. The challenge for organizations is to attain that balance between unworkable change control practices and an anarchic environment that provides ample opportunities to hide.
5. Insurance Won't Solve Cybercrime
Companies are finding a way to minimize the repercussions when their digital security is violated. Unfortunately, they're turning to the same safeguards that protect the guitar-strumming hands of Keith Richards, the goal-scoring limbs of David Beckham and the most remarkable assets of Dolly Parton, rather than coming clean about the perils of data breaches or pooling information so that threats can be properly quantified and addressed. In short, they're focusing on the consequences of cybercrime, not the causes, by purchasing liability and errors-and-omissions insurance.
6. Cyber Security Controls Checklist
This is a simple checklist designed to identify and document the existence and status for a recommended basic set of cyber security controls (policies, standards, and procedures) for an organization. Security controls are designed to reduce and/or eliminate the identified threat/vulnerabilities that place an organization at risk.
Quote of the Week:
"The question is not 'if' your company will be breached, or even when. It has already happened. The real questions are: are you aware of it, and how well are you protected for the future?"
-- Ken Allan
EY Global Leader