The Business Implications of the EU-U.S. “Privacy Shield”
Harvard Business Review
The United States and the European Union recently announced an agreement to “allow U.S. companies to continue sending and receiving personal information about EU residents across EU borders.” According to Larry Downes at the Harvard Business Review, however, there is uncertainty as to whether the EU authorities will allow the “Privacy Shield” to go forward. The deal’s approval process will include “review by a dizzying array of governmental and quasi-governmental privacy bodies…and member states.” Additionally, Downes says that the agreement may not add much protection to Europeans’ personal information. Downes’ piece discusses the business implications of this “Privacy Shield” and makes three suggestions for business leaders: to recognize and support organizations’ efforts to “set standards, ensure transparency and enforce reasonable security practices for information collection and use,” to recognize consumers’ growing power to choose products and services based on their privacy practices, and “to ride out the storm.”
Many Companies Still Procrastinating When It Comes to Cybersecurity
According to a recent NTT Com Security survey of 1,000 business executives, only half of respondents had formal plans to protect their information and networks in case of a cybersecurity breach. Additionally, “a quarter of these executives ‘are certain their company will suffer a security breach in the future.’” As Fortune’s Jonathan Vanian says, “it’s going to take more than [large-scale breaches in the news] to persuade business executives to protect their companies from data breaches.” The authors of the report believe part of the reason executives are not acting sufficiently to protect their companies is that they are “procrastinating,” preferring to wait for security incidents to occur rather than working to prevent them. Vanian mentions that change is hard to bring about quickly given how executives view cybersecurity at their organizations.
Virtual extortion a big business for cyber criminals
Ransomware, which “stealthily infects a computer [and renders files and data] unusable,” is increasingly used by cybercriminals to extort money from victims, and a recent attack hit an entire internal hospital computer system. Any Internet user or company can be a victim of this type of cybercrime, but small businesses can be especially vulnerable due to their lack of resources, “security and multi-layer defense programs to help protect themselves.” CNBC’s Bob Woods talks to cybersecurity experts about these sophisticated attacks, including their tendency to use untraceable online currencies, the entry points they use to get their payment, the ransom notes used and how small businesses make the decision of “whether to pay the extortionist or not.”
Cyber-Security: The Best Plan of Action to Keep Your Data Safe
According to William Terdoslavich, “every clever cyber-attack action is always followed by an equally clever reaction from the organization targeted.” Even as companies prepare for breaches and deepen their cybersecurity defenses, Terdoslavich recommends a “change in thinking,” including employing situational awareness to gain insights into unauthorized access to company data, “looking inside to defend against the outside,” implementing continual employee training, diagnostics and analysis, and taking steps to “raise the bar” in making it harder for cybercriminals to attack.
To protect corporate cybersecurity, don’t ignore the data
Using data analytics can help companies determine their security vulnerabilities and make better cybersecurity plans, but according to GreyCastle Security CEO Reg Harnish, “many companies don’t take advantage of [this wealth of data].” TechTarget’s Ben Cole interviews Harnish to discuss how ignoring analytics can be a major cybersecurity risk to a company, the best ways to protect company data, the evolution of mobile data threats, the implications of compliance audit findings and the importance (and effective types) of employee education and training.
Cybersecurity: Boards still happy to pass the buck to the IT department
According to PwC’s Global Economic Crisis Survey 2016, cybercrime is the “fastest growing type of economic crime.” Additionally, the report suggests that many respondents may be unaware of breaches or attacks that have impacted their companies and that despite growing fears about cybercrime, only 37 percent of organizations have established cyber incident response plans. PwC argues that boards and organizational leadership are responsible for “this disturbing lack of preparation” because they may not understand their cybersecurity postures well enough to “properly assess the risks” and may not be proactive enough in protecting their organizations against cyber threats.