Technology and Management Solutions   May 2021
 

In the May 2021 Newsletter
  What to Know about Cybersecurity

Cybersecurity is in the news almost weekly. Unfortunately, the number of threats is increasing. The sophistication of the attacks is growing. Individuals, businesses (large and small), and governments are under attack. Here are some basics.

For example, Colonial Pipeline, which carries gasoline, diesel and jet fuel from Texas to New York, was recently hacked in a high-profile ransomware incident. Another case involves SolarWinds. An NPR investigation into that attack revealed "a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives: the routine software update."

WHY should you care? The problem is huge, changing quickly, complex, and expanding. It impacts everyone and every organization. In a 2019 CEO Imperative Study by Ernst & Young, CEOs of the largest 200 global companies rated national and corporate cybersecurity as the number one threat to business growth and the international economy in the next 5 to 10 years.

According to McAfee, the global computer security software company, "Annual losses from cybercrime range from $500B to $1T and are projected to rise to $5T by 2024."
According to the Federal Bureau of Investigation, "There are 4,000 ransomware attacks every day."
According to The Center for Strategic and International Studies, a Washington think tank, and McAfee, "Sixty-four percent of Americans have lost personal data or had fraudulent charges due to cybercrime."

WHAT to do about it? The National Association of Corporate Directors in Cyber-Risk Oversight 2020 recommends five core principles that companies and their directors need to address:

Risk. Recognize cybersecurity as a strategic enterprise risk, not just an IT risk.
Legal. Understand that cyber risks have legal implications.
Expertise. Ensure there is adequate access to cybersecurity expertise and discuss risk management regularly.
Framework. Set expectations that management will establish an enterprise-wide, cyber-risk management framework with staffing and budget.
Financial Exposure. Identify and quantify the financial exposure for cyber risks and which risks to accept, mitigate, or transfer through insurance coverage and/or specific plans.

TAKE ACTION now as an Individual

Use complex passwords. The longer and more complex the better.
Update your devices so they have the latest security features and patches.
Don't open unsolicited emails and don't click on phishing links or buttons, no matter how realistic they may appear.
Back up devices and systems regularly. When was the last time you did a backup of your data? How much data can you afford to lose?
Protect your devices and Internet connections. Do you have anti-virus and anti-malware protection on your devices? Are you using two-factor authentication? Do you use a Virtual Private Network (VPN)?

TAKE ACTION now as a Business (from Cyber-Risk Oversight 2020)

Do you have an Incident Response Plan? Establish one now.
How is personally identifiable information (PII) safeguarded domestically and internationally? What other standards (e.g., HIPAA) must you comply with in your industry and how are you addressing them?
Which third parties have access to your systems and what controls are placed on them?
How do you manage and control your core security infrastructure? What defenses do your Internet gateways have? Do you use two-factor authentication? Do you allow anything in your network to talk directly to the Internet? How are you protecting and backing up your data?
Do you have an insider threat program? Do you employ a data-leak prevention product?

SUMMARY

Cybercrime is a big and growing risk. To protect yourself and your business, consider people, processes, and technology. Address the core principles of risk, legal, expertise, framework, and exposure. Make sure you have the right expertise to provide oversight. Take action now to protect, defend, and deflect.

Theresa M. Szczurek, Ph.D.
C-Level Global Executive, Corporate Director, and Colorado CIO of the Year

Pass it on. Feel free to share this newsletter, using my name and copyright declaration, with your colleagues.

   
Theresa M. Szczurek, Ph.D.

Technology and Management Solutions

303.443.8674 Phone
303.496.0088 Fax
tms@tmsworld.com
www.tmsworld.com

© Copyright 2021, TMS
All rights reserved.