The RE: View for June 2017

Jun 30, 2017 8:39am

June 9

Are Businesses Shortchanging Cybersecurity or Shortchanging Change Itself?
Don Elledge, co-founder and CEO of Edgile, shares conflicting stats regarding cybersecurity spending – one, that data breaches are growing in prevalence “at a rate of more than 40% from 2015 to 2016,” and another, that businesses are only “increasing their cybersecurity budgets at a rate of 18%.” Elledge argues that, in order to optimize cyber-readiness, organizations need to close this gap by investing more in cybersecurity. He discusses the changing technology landscape, contrasts it with the slow-moving advancements in investment, and shares three horizons across which to analyze security strategy and expenditure at an organization.

June 14

The Steps Your Board Must Take When Overseeing Cyber Risk
Boardroom Resources
Although most boards of directors already oversee cyber risk as standard practice, it “remains one of the most challenging risks for board members to get their arms around,” according to Boardroom Resources. In this video interview, Michael Kaiser, executive director of the National Cyber Security Alliance, shares a “roadmap for today’s boards,” first stressing that boards should not fear dealing with cyber risk and then arguing for a “holistic plan for cyber oversight” and sharing the initial steps boards should take to guard against cyber attacks.

June 22

Hacked: How Business Is Fighting Back Against the Explosion in Cybercrime
Reporters Jeff John Roberts and Adam Lashinsky outline some of the many recent examples of cyber attacks on business, including the 2015 breaches of several prestigious law firms that resulted in cybercriminals accessing highly sensitive documents and allegedly trading on this information. According to Roberts and Lashinsky, this incident “only served to underscore a hard truth: Business is under assault like never before from hackers, and the cost and severity of the problem is escalating almost daily.” The piece discusses the upward trend in numbers of DDoS attacks, the growing costs of data breaches to businesses and the need for organizations to implement formal cybersecurity incident response plans. Additionally, the reporters highlight tactics and traits of the modern hacker and the vigilance companies must keep in preparing for and mitigating cybercrime.

June 25

5 Lesser-Known Ways Cyber Attacks Can Destroy Your Business
Despite the prevalence of cyber attacks on businesses and the growing importance of cybersecurity to business leaders, “a majority have not taken any concrete steps to implement a cyber security policy,” according to reporter Mahesh Jain. The article highlights some of the recent high-profile breaches that have impacted big organizations and explains the many potential costs that a business may face as a result of cyber attacks or fraud – including erosion of customer trust, loss of business or profit, disruption in operations, loss of intellectual property and increased insurance costs.

June 26

Get Hacked and Your Cybersecurity Company May Pay
MIT Technology Review
As the cyber threat against business grows, more organizations are spending resources on cybersecurity insurance – as much as $7.5 billion will be spent in 2020, according to a recent PricewaterhouseCoopers projection. According to reporter Mike Orcutt, the challenge in “pricing the risk…has created a new opportunity for security companies confident enough to warranty their products.” Several security companies – including startups like SentinelOne and big corporations like Symantec – are promising to “pay up if their product or service fails.” Orcutt discusses the booming cybersecurity risk evaluation and insurance industries and the need for companies to still follow proper security practices.

10 Steps for a Successful Incident Response Plan
According to a recent survey, one in three organizations don’t have incident response plans, and many of those that do either have inadequate plans or don’t test and/or use them. Reporter Doug Drinkwater shares a 10-step guide to creating a successful incident response plan, including assigning roles to the correct people, getting relevant business departments involved, identifying key performance indicators to measure the plan’s success, repeatedly testing the plan and identifying and implementing the right tools.

The World Needs More Cybersecurity Pros, but Millennials Aren’t Interested in the Field
According to the recent Global Information Security Workforce Study, there will be 1.8 million open jobs in cybersecurity by 2022, and the lack of young workers entering the field is partly to blame, with under-29 cybersecurity professionals making up only 7 percent of the industry. With an aging cyber workforce and a need to attract millennials, companies need to adapt their hiring and recruiting practices to “keep pace with the changing workforce.” Reporter Alison DeNisco highlights some of the challenges in drawing millennials to the occupation – including their lack of awareness, the confusing nature of cybersecurity job postings and the unnecessary education and/or skill requirements some companies include in them. DeNisco shares potential strategies for expanding the pipeline, including looking to women, veterans and young people graduating with degrees in the arts and other nontechnical fields.