Corporate Cybersecurity

  • Every company is a technology company
  • No company is immune from cyber attack – it WILL happen ("when" not "if")
  • No such thing as the term “Cyber risk” today, it is just business risk
  • No organization is an island when it comes to data and cybersecurity
  • Corporations are not prepared for the new risks 
  • Security is a people problem, not a technology problem
    • Security solutions have technological components
    • Presents a conceptual, organization, operational, technological, financial and management challenge
    • Almost all security problems are due to blunders in design, implementation, operation or management
  • Todays expanded cyber “surface area” magnifies even a single security incident
  • Can result in unanticipated costs, operational shutdowns, reputational damage and legal consequences
  • Result in physical destruction and loss of life

“There are only ‘two categories’ of companies affected by [cyber] trade secret theft – those that know they’ve been compromised and those that don’t know yet.”
-Former Attorney General Eric Holder (February 20, 2013)
 
“Cyber is uncharted territory. It’s going to get worse, not better ...a very material risk that didn’t exist 10 to 15 years ago.”
-Warren Buffett (Berkshire Hathaway 2018 Annual Shareholders Meeting)

Today's Cybersecurity Mindset

Word tree with the text Expensive, Inefficient, Complicated, Difficult to use, Makes problems worse, Fragile, Low Integration, Piecemeal, lowers functionality.

 

Today's organizations need to implement an
effective cybersecurity strategy
and to derive its multiple benefits

Risk and Maturity

Chart - Top axis Organizationsl Risk - 1 to 5 Least, Minimal, Moderate, Significant, Most. Left Axis Cybersecurity Maturity - Innovative, Advanced, Intermediate, Evolving, Baseline. Most organizations are in the 3-5 risk and Baseline to intermediate area

Too many areas to address alone...

  1. Architecture
  2. Asset management
  3. Awareness
  4. Business continuity management
  5. Data infrastructure
  6. Data protection
  7. Employees
  8. Governance and organization
  9. Host security
  10. Identity and access management
  11. Incident management
  12. IoT
  1. Metrics and reporting
  2. Network security
  3. Operations
  4. Policy and standards framework
  5. Privacy
  6. Security monitoring
  7. Software security
  8. Strategy
  9. Supply chain
  10. Third-party (and 4th party) stakeholder management
  11. Threat and vulnerability management

Follow the 7 P's

 

Proper

Planning and Preparation

Prevents

Piss Poor Performance

British Army adage

Let us help you change your mindset and effectively
plan, prepare and address cybersecurity

Cybersecurity Risks