Cybersecurity is in the news almost weekly. Unfortunately, the number of threats is increasing. The sophistication of the attacks is growing. Individuals, businesses (large and small), and governments (local, state, and federal) are under attack. Here are some basics to help ensure security.
In one example, Colonial Pipeline, which carries gasoline, diesel, and jet fuel from Texas to New York, was recently hacked in a high-profile ransomware incident. Another case involves SolarWinds. A National Public Radio (NPR) investigation into that attack revealed “a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives: the routine software update.”
In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose, on an annual basis, material information regarding their cybersecurity risk management, strategy, and governance. To show it is serious about enforcing these rules, the SEC just filed a lawsuit against SolarWinds and its top cybersecurity executive, Tim Brown, stating Brown “defrauded SolarWinds’ investors and customers ….”
WHY SHOULD YOU CARE?
The problem is huge, changing quickly, complex, and expanding. It impacts everyone and every organization. The National Association of State CIOs (NASCIO) conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. Again in 2023, “Cybersecurity and Risk Management” is the top priority. In a 2019 CEO Imperative Study by Ernst & Young, CEOs of the largest 200 global companies rated national and corporate cybersecurity as the number one threat to business growth and the international economy in the next five to 10 years.
- According to McAfee, the global computer security software company, annual losses from cybercrime exceed $1 trillion.
- According to Pew Research, “A majority of Americans (64%) have personally experienced a major data breach.”
WHAT TO DO ABOUT IT?
The National Association of Corporate Directors, in its 2023 Cyber-Risk Oversight Handbook, recommends six core principles that companies and their directors need to address:
- Strategic Risk. Recognize cybersecurity as a strategic enterprise risk, not just an IT risk.
- Legal and Disclosure. Understand that cyber risks have legal implications.
- Oversight Structure and Expertise. Ensure there is adequate access to cybersecurity expertise and discuss risk management regularly.
- Enterprise Framework. Set expectations that management will establish an enterprise-wide, cyber-risk management framework with staffing and budget.
- Measurement and Reporting. Management should deliver reports that are transparent about performance, benchmarked, and decision-oriented.
- Encourage Systematic Resilience and Collaboration. There is a need to break down silos within and between organizations. Management should participate in industry groups or peer networks.
TAKE ACTION AS AN INDIVIDUAL:
- Use complex passwords. The longer and more complex the better.
- Update your devices so they have the latest security features and patches.
- Don’t open unsolicited emails, and don’t click on phishing links or buttons, no matter how realistic they may appear.
- Back up devices and systems regularly. When was the last time you did a backup of your data? How much data can you afford to lose?
- Protect your devices and Internet connections. Do you have anti-virus and anti-malware protection on your devices? Are you using two-factor authentication? Do you use a Virtual Private Network (VPN)?
SUMMARY
Cybercrime is a big and growing risk. To protect yourself and your organization, address the core principles of risk, legal, expertise, framework, measurement, and collaboration. Make sure you have the right expertise to provide oversight. Take action now to protect, defend, and deflect.
Theresa M. Szczurek, Ph.D. is a tech and cybersecurity-savvy C-level executive, 3x tech entrepreneur, Certified Management Consultant (CMC®), and Certified Corporate Director (NACD.DC) who is the co-founder and Board Director of Radish Systems. As the former State of Colorado Chief Information Officer (CIO) and Colorado CIO of the Year, she runs Technology and Management Solutions, a consulting firm. She researched, authored, and speaks about her best-selling book Pursuit of Passionate Purpose: Success Strategies for a Rewarding Personal and Business Life.