
Top 10 Takeaways from Our 2014 Senior Executive Cyber Security Conference

18 November 2014


Senior executives from all over the country responsible for safeguarding their companies’ infrastructures gathered in Baltimore October 31 – November 1 for the Senior Executive Cyber Security Conference, co-sponsored by Johns Hopkins University’s Information Security Institute and North Star Group. Attendees learned from expert speakers and panel discussions about the changing cyber security landscape and how to manage and avert crises for their organizations. Here are the top 10 takeaways from the conference:

1. The reality is that every organization will be breached at some point in time – and many have already been breached and don’t even know it. Organizations should focus on minimizing the damage when they are breached.

2. Organizations should proactively develop crisis management plans and rehearse them regularly. Even a basic, simple crisis management plan will be invaluable in helping the organization understand how to respond at the moment of crisis.

3. It will be several years before federal laws related to cyber security catch up with the current environment. State legislation is further ahead of the federal laws, and organizations need to understand that every state’s laws are different.

4. Hackers are becoming more sophisticated, and they are targeting organizations across all industries. Malware and other types of malicious software have become commodities that are readily available on the dark web. This fact makes it easier for hackers to utilize advanced tools.

5. If a Fortune 500 company like JPMorgan Chase can be breached, then anyone can be breached. Regardless of an organization’s size or industry, it is vulnerable to being breached. Organizations must take a proactive approach and focus on minimizing the impact.

6. Organizations can use threat intelligence to proactively respond to impending attacks. Understanding how an attack may occur and what it will be targeting enables organizations to be proactive and take countermeasures to minimize the damage.

7. Cyber insurance should be part of every organization’s risk management framework. It is a key component to an organization’s cyber security ecosystem and is just as important as assessments, training, critical systems monitoring, etc.

8. Technology alone will not protect against breaches. Organizations need to take an integrated, enterprise view towards protecting their data. All functions within an organization have a role (HR, security, finance, operations, etc.).

9. Organizations that have a Chief Information Security Officer (CISO) or similar role need to elevate that person in the reporting hierarchy to give them the resources to be successful, not just the accountability. CISOs must be empowered and able to effect real change within their organization.

10. There is an overall shortage of cyber security labor positions, and a severe shortage of skilled security personnel in the area of forensic analysis, in particular. Educational institutions must catch up with the demand and deliver competent resources.

With awareness, knowledge, and a proactive approach, organizations will be better prepared to weather the inevitable breaches that we all face in today’s hyper-connected environment. COMPASS has developed a methodology that combines the discipline of project management with the latest cyber-security technology and data-protection best practices. These days, every organization is just one data breach away from being a leading story on the news and social media, which can severely damage its reputation and brand. Contact COMPASS to learn more about our methodology and how it can help your organization develop a robust cyber-security ecosystem.
