I'm not a fan of the horror movie genre. I also stay away from roller coasters and fast cars. My reasoning is quite simple: Why would I intentionally do something to scare myself?
But last week I did a scary thing. While at CSC's Future Focus user conference, I sat in on a session given by CSC's Bryant Tow: Cyber Security: Threats, Trends, and Solutions. Tow told some truly scary stories over the course of an hour, but what was most bothersome to all of us was the fact that there were fewer than a dozen people in the meeting room to hear his dire warnings.
As Tow explained—and it seemed pretty obvious from the turnout—most insurers are oblivious to the threat their companies face. He told of meeting with one CIO of a good-sized company who explained he has one full-time and one part-time employee in charge of cyber security for his company.
Tow then cited a survey done by CERT: Attacks on personal individual information held by companies are up 650 percent since 2006.
Companies need to do better to protect themselves, but another speaker at Future Focus, keynoter Robert Kriegel, jokingly described the situation most companies face today: "Do more with less? That's last year. This year it's: Do more with nothing."
The problem with security is you need to spend thousands of dollars in the hope that you never really need it (sort of like insurance, right?). Those unwilling to spend anything, though, can find themselves paying for it on the back end—after a data breach occurs. The cost to companies after an attack could easily dwarf what was needed to prevent—or more likely slow down—an attack.
Tow had a couple of interesting comments that I'd like to share. The first is: "Security starts in the boardroom."
Cyber security emulates regulatory security. When boards learned they were responsible to the government for any compliance issues, they eagerly spent what was necessary to follow the Gramm-Leach-Bliley Act. To ignore cyber security and to then suffer a breach will be on the board and the executive team, particularly if they've been warned of potential problems by business and IT leaders.
The second statement made by Tow is a good response to the first statement: "Being proactive will help you save 80 percent of your resources."
It can sometimes take years to discover that your company has been attacked. Think about the losses over a sustained period of time. It scares me.