
Manage Tomorrow's Surprises Today

Steven Minsky

Cybersecurity Attacks: Are you at Risk?


An in-depth investigation by the non-profit analysis organization RAND reveals that hackers and their attacks are maturing at a much more rapid pace than organizations' cybersecurity programs. Hackers now regularly and successfully plan sophisticated attacks to gain valuable information from large, well-established organizations. In June 2015, Tony Scott, the CIO of the federal government, stated that organizations need "an architectural model that is secure by design rather than security slapped on after the fact, which is the way the IT world has worked for the past thirty years." The warning signs can no longer be ignored.

Is your cybersecurity program vulnerable to hackers?

Many organizations naively think that if they are not a retailer storing millions of credit card numbers, then they are not a target for a cyber-attack. Bloomberg points out that hackers are really after any type of Personally Identifiable Information (PII), especially social security numbers, and Reuters reports that in black markets Protected Health Information (PHI) is 10 times more valuable than credit card numbers.

It comes as no surprise that there have been 4 major healthcare data breaches so far in 2015, with the UCLA Health breach of 4.5M patient records being the most recent. Any organization housing PII or PHI is at risk of financial and reputational ruin by a cyberattack. The Federal Financial Institutions Examination Council (FFIEC) recently released a Cybersecurity Assessment Tool to aid organizations in becoming more secure. Survey results can be used to understand what policies and technologies should be leveraged to assure compliance and security. Last year the SEC also released a guide for conducting cybersecurity readiness assessments.

Organizational strategy and executive decisions need to be linked directly to business processes and ground-level operations. To surface the institutional knowledge that is collected at the front lines, IT security managers must be equipped with IT risk management software that can elevate their concerns and allow them to take action on the most pressing risks.

While a single individual may be capable of implementing a manual process that adheres to a particular governance framework, it's far more effective to have that individual managing the process in an automated solution that can centrally manage and report on IT assets, applications, incidents, and risk assessments.


Interested in understanding your organization's inherent cybersecurity risk? Unsure of your current and necessary levels of cybersecurity maturity?

Download our annotated guides to the FFIEC's Cybersecurity Assessment Tool and to the SEC's Cybersecurity Guidelines. If you're a LogicManager customer, one of our Analysts can deploy the actionable FFIEC survey to your environment today.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
