The RE: View for July 2015
The Role of the Board in Cybersecurity: “Learn, Ensure, Inspect”
In the wake of dozens of high-profile and devastating data breaches, companies and organizations are looking at ways to protect themselves and mitigate cyber threats. According to Jason Straight, senior vice president and chief privacy officer at UnitedLex, many boards of directors are responding to growing cybersecurity concerns not only by spending more money on security but also by working to 1) educate themselves on their companies’ cyber risk profiles, 2) ensure they have access to sufficient expertise to provide ongoing insight and advice and 3) conduct regular reviews of their cybersecurity plans and assess their readiness for breaches. Straight breaks these priorities down and highlights three “imperatives” for boards hoping to strengthen their organizations’ security and preparedness.
Data Breaches Boost Funding for Cybersecurity Startups
The Wall Street Journal
As public attention to data breaches and other cybersecurity concerns increases, security-related startup efforts are seeing more opportunities for funding and growth. According to researcher CB Insights, venture firms invested $1.2 billion in cybersecurity startups in the first half of 2015, compared to only $771 million in the first half of 2013. Investors and security experts weigh in on the shifting environment for new cybersecurity companies.
4 Ways to Engage Executives in Cyber Risk
The Wall Street Journal
Deloitte & Touche’s recent survey of retail executives shows that many retailers are working to strengthen their cyber risk management programs and that they are recognizing “accountability for cyber risk cannot rest solely within the IT organization.” Despite these improvements, retailers still have work to do to improve their cybersecurity and preparedness. Deloitte offers and addresses four steps for organizations to follow: host cyber a risk heat-mapping session, establish key risk and performance indicators, simulate a cyber incident and scrutinize the security implications of new technologies.
Are Current Cybersecurity Measures Enough? Professionals Can’t Agree.
Slate blogger Lily Hay Newman shares data from two recent studies – McAfee, the Aspen Institute and Intel’s Critical Infrastructure Readiness Report and the 2015 Black Hat Attendee Survey – to showcase significant differences in the viewpoints of cybersecurity professionals on whether their organizations are prepared to handle cyber attacks. In the former report, 75 percent of respondents were largely confident in their organizations’ “framework for identifying intrusions,” but a vast majority reported having experienced at least one cyber attack on their systems. In the latter study, 73 percent of respondents said they thought their organizations would suffer data breaches in the future and only 27 percent said they would be able to handle those attacks. These reports and their varied results show that many cybersecurity professionals may not think their organizations are spending the right amount of “time, budget and staffing resources” to deal with cyber threats.
Getting Cybersecurity Insurance After a Breach
According to cybersecurity and technology executive Todd Bell, getting cybersecurity insurance after being breached can be challenging due to a primary underwriter dropping the company or deciding not to offer further coverage, rates for post-breach insurance rising or other factors ‒ particularly when an organization has suffered multiple cyber incidents. Bell offers advice and insight from several security experts on the considerations organizations should weigh with cyber insurance when preparing for and recovering from breaches.
How to protect your business from hackers
In a recent survey of 9,6,00 IT executives around the world, 41 percent of respondents said they had experienced security incidents in the past year, with 37 percent of that group having suffered financial losses from those incidents. Danny Bradbury highlights some of the primary methods to secure corporate data in an age of frequent breaches:
- taking a two-pronged approach to protecting the devices employees use
- encrypting information on devices
- enabling two-step authentication
- considering the security and trustworthiness of cloud providers before giving them organizational information
- having effective policies and procedures and employee cooperation with them
- STOP. THINK. CONNECT. International Online Safety Awareness Campaign Enters New Era With Focus on Young Adults and Student ICT Users
- Netpathie of Switzerland Joins the Global STOP. THINK. CONNECT. Cybersecurity Awareness Campaign
- National Computer Emergency Response Team of Kazakhstan Joins STOP. THINK. CONNECT. Cybersecurity Awareness Campaign
- STOP. THINK. CONNECT. Cybersecurity Awareness Campaign Launches in Ireland in Coordination with National Awareness Lab
- Argentina Launches PARA. PIENSA. CONÉCTATE. Campaign at Tierra del Fuego Kick-Off Event
- Choosing your Cybersecurity Career Path
- Help! My IT Employee Went Rogue
- Child Identity Theft
- #ChatSTC Twitter Chat: May the Cyber Force Be With You
- #ChatSTC Twitter Chat: Now Matters – How Are You Fighting Cyber Threats?