The RE: View for July 2015

August 04, 2015

July 8

The Role of the Board in Cybersecurity: “Learn, Ensure, Inspect”
InformationWeek DARKReading
In the wake of dozens of high-profile and devastating data breaches, companies and organizations are looking at ways to protect themselves and mitigate cyber threats. According to Jason Straight, senior vice president and chief privacy officer at UnitedLex, many boards of directors are responding to growing cybersecurity concerns not only by spending more money on security but also by working to 1) educate themselves on their companies’ cyber risk profiles, 2) ensure they have access to sufficient expertise to provide ongoing insight and advice and 3) conduct regular reviews of their cybersecurity plans and assess their readiness for breaches. Straight breaks these priorities down and highlights three “imperatives” for boards hoping to strengthen their organizations’ security and preparedness.

July 15

Data Breaches Boost Funding for Cybersecurity Startups
The Wall Street Journal
As public attention to data breaches and other cybersecurity concerns increases, security-related startup efforts are seeing more opportunities for funding and growth. According to researcher CB Insights, venture firms invested $1.2 billion in cybersecurity startups in the first half of 2015, compared to only $771 million in the first half of 2013. Investors and security experts weigh in on the shifting environment for new cybersecurity companies.

July 20

4 Ways to Engage Executives in Cyber Risk
The Wall Street Journal
Deloitte & Touche’s recent survey of retail executives shows that many retailers are working to strengthen their cyber risk management programs and that they are recognizing  “accountability for cyber risk cannot rest solely within the IT organization.” Despite these improvements, retailers still have work to do to improve their cybersecurity and preparedness. Deloitte offers and addresses four steps for organizations to follow: host cyber a risk heat-mapping session, establish key risk and performance indicators, simulate a cyber incident and scrutinize the security implications of new technologies.

July 21

Are Current Cybersecurity Measures Enough? Professionals Can’t Agree.
Slate blogger Lily Hay Newman shares data from two recent studies – McAfee, the Aspen Institute and Intel’s Critical Infrastructure Readiness Report and the 2015 Black Hat Attendee Survey – to showcase significant differences in the viewpoints of cybersecurity professionals on whether their organizations are prepared to handle cyber attacks. In the former report, 75 percent of respondents were largely confident in their organizations’ “framework for identifying intrusions,” but a vast majority reported having experienced at least one cyber attack on their systems. In the latter study, 73 percent of respondents said they thought their organizations would suffer data breaches in the future and only 27 percent said they would be able to handle those attacks. These reports and their varied results show that many cybersecurity professionals may not think their organizations are spending the right amount of “time, budget and staffing resources” to deal with cyber threats.

July 22

Getting Cybersecurity Insurance After a Breach
According to cybersecurity and technology executive Todd Bell, getting cybersecurity insurance after being breached can be challenging due to a primary underwriter dropping the company or deciding not to offer further coverage, rates for post-breach insurance rising or other factors ‒ particularly when an organization has suffered multiple cyber incidents. Bell offers advice and insight from several security experts on the considerations organizations should weigh with cyber insurance when preparing for and recovering from breaches.

July 23

How to protect your business from hackers
The Guardian
In a recent survey of 9,6,00 IT executives around the world, 41 percent of respondents said they had experienced security incidents in the past year, with 37 percent of that group having suffered financial losses from those incidents. Danny Bradbury highlights some of the primary methods to secure corporate data in an age of frequent breaches:

  • taking a two-pronged approach to protecting the devices employees use
  • encrypting information on devices
  • enabling two-step authentication
  • considering the security and trustworthiness of cloud providers before giving them organizational information
  • having effective policies and procedures and employee cooperation with them
For additional information on how your business can stay safer and more secure online, visit the RE: Cyber pages.