The Internet of Things – Rose Isn’t the Only Color the Glasses Come In

By Guy Higgins

Recently, my reading has included Chaos, Making a New Science, a book by James Gleick, a Forbes article, A Smart Home is Where the Bot Is, and an Aviation Week article, Why Are Airlines Slow to Enter the Digital Age? At the same time, I “enjoyed” a couple of encounters with the digital world. In the oft-quoted words of Inigo Montoya, “Let me ‘splain. No, there is too much. Let me sum up.”

A Note to CEOs – It Will Happen to You

By Guy Higgins

I recently read a short article on how well US, UK and Japanese CEOs understand how to prepare for and respond to a cyber breach. The bottom line of the article is that they don’t! Ninety percent of the 1530 CEOs interviewed did not truly grasp the magnitude of the threat, did not understand their company’s cyber-security preparations, and did not understand their company’s plans to respond to an actual cyber breach. Appallingly, forty percent of the CEOs did not even think it was their responsibility!

Some basic facts:

  • Every company, organization and person is the target of hackers
  • Every 12 seconds (24/7/365), there is a cyber attack on a company in the U.S.
  • Your IT security team must succeed 100% of the time 24/7/365 – forever. One failure and you have been breached.
  • Two thirds of all cyber breaches are caused by your employees (including you) because:
    • They don’t update their software as your IT team almost doubtlessly urges them to do
    • They don’t pay attention to the basic cyber security tenets your IT team publishes (e.g. don’t use “PASSWORD” as your password)
    • They don’t password protect access to their computer or they don’t routinely turn it off or put it to sleep when they leave their desk
    • They allow access to their computer by a colleague, or (worse yet) a visitor
    • They open emails from unknown senders (one in three employees do this)
    • They click on links within suspicious emails (one in eight employees do this)
  • An actual cyber breach is not just an IT security problem (they have already done their best) – it is a business problem, a liability problem, a PR problem, and (increasingly) a legal

As the CEO, you are responsible for your company, including cyber security and cyber breach response – just as you are responsible for revenue and earnings. The buck does stop at your desk.

Since, as the CEO, you are almost certainly not the cyber-security or cyber-breach expert, what do you do? The same thing that you do for all of your other responsibilities – you find an expert and delegate authority and responsibility for cyber security and cyber-breach response to those experts. It is important to emphasize again that cyber-breach response is not an IT problem. It is a business problem, so you should not automatically delegate cyber-breach response to the IT or cyber-security folks. Pick the right person, empower her, support her and resource her.

It is irresponsible to behave as though your company will not be cyber attacked or that your cyber defenses will never be penetrated. A rapid, transparent and well-conceived response to a cyber breach can enhance your company’s reputation rather than damaging it. The failure to be prepared for such a breach will damage and may destroy your company’s reputation.

Predict your vulnerability to cyber attack – this is easy. You are vulnerable.

Plan your response to a cyber breach – as a business issue and not only a security problem.

Enhance your ability to Perform by exercising your cyber-breach plan regularly.

Predict.Plan.Perform

Cyber Attacks Ain’t That Bad

By Guy Higgins

I recently read a post, Flipping the economics of attacks. This post referenced a new study conducted by The Ponemon Institute for Palo Alto Networks. The study found that:

  1. “… the average hacker makes only $15,000 on average per attack”
  2. The average hacker generates an “income of less than $29,000 per year”
  3. Seventy-two percent of hackers interviewed “won’t waste time on an attack that will not quickly yield high-value information”
  4. “The vast majority (73%) stated that attackers hunt for easy, cheap targets”


Preparedness in the Cyber World

By Guy Higgins

Verizon recently published their 2015 Data Breach Investigations Report (DBIR). The report analyzed just under 80,000 cyber-security incidents that resulted in 2,122 actual data breaches as reported by 70 different law-enforcement and cyber-security agencies. At first blush, it might seem that there were relatively few data breaches, but the rough odds of experiencing an actual data breach are one in forty – not very good odds when the cost of a data breach is high in both dollars and reputation.

The Solution to Data Breaches – Technology?

By Guy Higgins

Data breaches have been making headlines on a regular basis over the past couple of years. Target, Home Depot and the Federal Government Office of Personnel Management are just three of the organizations that have experienced massive data breaches. The Ponemon Institute reports that there are hundreds of thousands of cyber attacks annually. Obviously data breaches are a major and growing problem.

I recently read a blog titled, “Turning to technology to prevent data breaches.” I was intrigued by the title because I don’t believe in “silver bullet” answers, and this seemed to imply that some technology would be a silver-bullet answer to the problem.

Small- and Medium-size Businesses: What is Your Cyber Risk?

By Guy Higgins

With the massive data breach created by the recent hack into the sensitive records of the Federal Government’s Office of Personnel Management (OPM), cyber risks are receiving significant media attention. The question for small- and medium-sized businesses is, “Am I vulnerable?”

In a word, yes. Small- and medium-sized businesses are right in the sweet spot for malicious hackers, and perhaps even more at risk for IT system “glitches” and “employee-caused” data breaches. These are three very different categories of problems: