In October, my colleague John Murray attended the CSX Cybersecurity Conference in Las Vegas, where security professionals from around the world gathered to network, strategize and share new tools and perspectives on cyber security. The conference showcased many of the threats businesses face today: external attackers, denial of service attacks, ransomware and insider threats, to name just a few. So far in 2016, more than 4,000 breaches have been reported in the U.S., resulting in nearly 750 million compromised records and an expected financial loss of more than $400 million. Just a few weeks ago, a massive distributed denial of service attack against a major DNS provider kept many people from reaching popular web services such as Twitter, Spotify, Netflix, Amazon and PayPal. It’s not hard to imagine the stress security teams are under these days. In fact, the CSX presenters had a name for it: FUD, short for Fear, Uncertainty and Doubt.
With So Many New Cyber Security Challenges Facing Us Every Day, What Are Businesses to Do About FUD?
First, as many recent high-profile breaches have shown, third-party risk management continues to be a weak spot at many companies, and one that attackers are all too eager to exploit. That’s why it’s so important to establish a program to vet and continuously monitor the security practices of third-party suppliers that have, or could gain, access to intellectual property, personally identifiable information and other sensitive data.
Next, and a major topic at CSX, is the need for a program to detect, respond to and recover from a breach quickly. CSX presenters had a lot to say on this, from establishing procedures for communicating effectively with clients and internal teams during an incident, to analyzing lessons learned afterward so that processes are strengthened and customer and employee privacy is better protected the next time.
Last, but certainly not least, businesses need to establish and maintain a robust security program to detect, manage and respond to cyber security threats. At IWCO Direct, we’ve found frameworks such as ISO 27001, PCI DSS and HIPAA to be a great place to start. Of course, as every CSX attendee knows well, security is an ongoing process that demands continual improvement. That means adequately staffing security teams with trained professionals to cover the many threats companies see today, rather than adding security as a secondary responsibility for already overtaxed IT departments. It also requires investing in security awareness training so that employees at every level of the organization understand their responsibilities; putting the right technologies in place to protect sensitive data; and continuously monitoring how effective the people, processes and procedures actually are.
When it comes to information security in today’s world, businesses in every industry have their hands full. That doesn’t mean FUD has to get you down. Despite the doom and gloom of this year’s cyber security conferences, we believe that Strength, Confidence and Trust, rather than Fear, Uncertainty and Doubt, are not only worthy goals but achievable ones with the right people, practices and know-how. For more on how we manage it, feel free to drop me a line.