Cyber-crime costs to the world will double in a six year period ending in 2021.
More reports of attacks give rise to a gnawing sense of inevitability. For those leading the fight, there is only one strategy that safeguards our companies: inevitability must promote “Response-ability.”
The biggest catalyst to response-ability is compliance.
Internal compliance drives adherence to the practices, rules and regulations set forth by internal policies. External compliance follows the laws, regulations and guidelines imposed by governments and agencies.
Compliance requirements are numerous, and the legal team and C-Suite executives are responsible for determining the scope of compliance. Compliance officers and staff are a growing requirement. Technical, procedural and strategic frameworks must be built to assure your company’s integrity.
Behind the pressures, costs and potential fines that surround your compliance, the public is demanding more of you as the steward of their information. 6 of 10 people would blame you, not the hacker, for lost data. 7 of 10 people said they would boycott a company that appeared negligent in protecting their data.
Here are a few pressing challenges to compliance:
- Use of Personal Devices
Companies now must have strong policies and technical controls in place, such as existing mobile device management (MDM) protocols, enforced device lock passwords and time-based one-time passwords. Employees with laptops and devices should be provided with security policies and prevention mechanisms, as well as secure access to corporate data.
- Updates and Patches
IT managers must ensure that the organization is current with software updates and that known vulnerabilities are patched immediately. Last year alone, the number of third-party vulnerabilities doubled.
- Third Party Vendors
Also last year, 63% of data breaches originated directly or indirectly from third-party vendors. Managing vendor information security and vendor compliance with privacy laws is a major and essential undertaking.
Cyber Insurance is Response-able.
It is being responsible in advance of the need. Cyber insurance covers not only legal fees but typically also the expenses associated with notifying customers of a data breach, restoring customers’ personal identities, recovering compromised data and repairing damaged systems.
Purple is Response-able.
Borrowed from military language, Red Teams exist to attack your cyber-security systems and expose points of weakness. Blue Teams defend, enforcing the security measures you have in place. The buzz of the day is the Purple Team. A Purple Team is either made up of both the Red and Blue Teams, whose participants form a learning community for the benefit of the other side, or an outside group brought in to examine the tactics of both teams and make recommendations. Ideally, Red and Blue Teams exist not in competition with each other but as complements, holding the security objectives of the company as the standard of each team’s success.
The greatest detriment to your response-ability is a lack of clarity about what you need or don’t need. Outside eyes continue to be the best check and balance for CIOs. Without third-party, unbiased expertise, you will not have the confidence you need that your compliance, policies, insurance and Purple Team evaluations are sufficient and efficient for your situation.