With that said, here are three key reasons why your cybersecurity plan is outdated and needs to be revised:
If it wasn't created yesterday, then it's outdated. Everything can be hacked and the best blackhats are already two steps ahead of the best prevention plans anyone has. In reality, what we think is cybersecurity is really just reactive cyber defense against what happened to someone yesterday. We can anticipate what the next hack might be and build software and technology defenses against it, but that’s like trying to anticipate what might kill you tomorrow when in fact you could step in front of a bus accidentally and you probably didn’t plan for that one. You’ll never really be proactive, only reactive.
You need to hire a CSO or consultant and have them review and revise it. You planned security out with the personnel you had in charge at the time and that’s great, but hacker activity is increasing daily and targets are constantly changing. You likely need a Chief Security Officer (CSO) or at least a lead security director or analyst who will guide your organization down a more finely tuned path to mitigation and avoidance of cybercriminal activity. Bottom line…you need to spend more time and get more technical expertise on board quickly to do any good in combating the potential for cybercrime affecting your organization…especially if you have sensitive data or are a larger organization with a potentially large database of customer information.
Look at your projects and clients from their side. You thought about security and cybercrime potential from your side and your potential liabilities. Now stop and look at it from your clients' side. What happens to them if some blackhat activity seriously breaches their data or puts their multi-million-dollar project with you in jeopardy? What would be the reaction of your very important client base? What would be the sudden drop in revenue you might experience? What costs would they incur and what would your responsibility to them be? Think liability…
Summary / call for input
The bottom line is this…if you weren’t too worried about cybercrime affecting you and the need for cybersecurity in your organization before…well…things have changed. 2016 is going to be different than 2015. And not for the better…which is bad because cybercrime is only increasing in number of incidents and overall costs year over year. According to a CBS.com article accompanying information about their CSI Cyber show (which is one of my personal favorites):
“In 2014, 47% of American adults had their personal information stolen by hackers — primarily through data breaches at large companies. In 2013, 43% of companies had a data breach in which hackers got into their systems to steal information. Data breaches targeting consumer information are on the rise, increasing 62% from 2012 to 2013, with 594% more identities stolen. That added up to a staggering total of $18,000,000,000 in credit card fraud for the year.”
Those are harsh numbers…and they are only getting worse. The question is…what are you or your organization doing about it or what will you do with this info? Do you have a cybercrime or cybersecurity plan in place? Do you have a team and infrastructure? Is it part of your risk planning already or are you in a reactive planning mode only? Please share and discuss.