Anthony Munns, an IT audit and
security partner at Brown Smith
Wallace, has more than 20 years
of experience with information technology
and security, and he has watched the issue
of cyber threats grow over the years. He
knows the extent to which companies can
be affected by cyberattacks. He also knows
what they can do to get ahead of threats.
How are companies affected by cyber security breaches?
Organizations are seeing the Target
and Michael’s problems where financial
information is being compromised, whether
it’s credit card details or transactions. They
are seeing loss of personal information,
which is potentially leading to identity
theft, and seeing losses of personally
identifiable information (PII), which is
compromising their requirements to keep
that kind of information secure.
There’s a “who’s next?” type of concern
out there. It’s impacting the cost side of
things: Are you going to have to conduct
investigations, provide notifications? How
do you fix your sites and keep yourselves
from becoming the next victim? There is the
indirect impact: loss of reputation, loss of
business and the threat of sanctions being
applied to the company.
How have cyber threats become more advanced in recent years?
Pretty well everybody is connected, and it
is easier for the people who are trying to
break into systems to find targets. What’s
evolved is the type of people that are doing
the targeting now has changed. You’ve got
a couple of major new players out there in
terms of organized crime, which is now not
just after the value of financial information,
but also the value of PII and medical
information because they can use that data
to generate money as well. And you’ve got
the state-sponsored attacks - the Chinese
intellectual property attacks, for example,
that are going on.
Now, it’s not just the high-profile companies
that are being targeted. It’s more a crime
of opportunity where they control a large
number of sites and can go for where the
weaknesses are in the system and exploit
those known weaknesses.
What can companies do to prevent and detect a cyber security breach before it happens?
You have to be far more cognizant of the
potential risk that is involved with the use of
technology, and you’ve got to understand
that risk and put the appropriate steps
in place to prevent yourself from being
vulnerable.
First, you should conduct a security risk
assessment to understand where the
potential weak points are in your security
infrastructure. You should ensure that
you’ve got employee awareness of the
risks of the different types and methods of
accessing systems. We’ve talked about the
system vulnerabilities: A lot of those are
making sure you are on the latest version
of operating systems and making sure your
components are updated, and that all the
patches have been applied to keep this risk
low.
An IT assessment conducted by an outside
expert will provide objective insight and
help tremendously in terms of blocking
attacks and making sure your company is at
the level where your risk is reduced so that
only the most determined attacker might
get into your organization.
Have you considered encrypting your
data? This capability is built into operating
systems today for many different platforms.
Do you have a bring-your-own-device
policy as an organization? Do you have
appropriate measures in place that the
employee has to agree to in terms of being
required to have a password on the device?
For example, do you require a remote wipe
if that device is lost or stolen?
What should companies do to remediate the damages of a security breach?
You’ve got to ensure that you have the
appropriate tools in place to monitor and
detect breaches within your system. Do
you have a procedure where you monitor
your security logs? Do you have a data leak
prevention approach? Do you know if data
is being taken outside of your organization?
The second piece is do you have an incident
management plan. You need to talk to your
legal people. You’ve got a lot of implications
as far as compliance and regulations. A lot
of companies are in industries that have
to be compliant. Forty-six states have data
breach laws. The chances are you’re either
operating in a state or your customers are
in a state that has a data breach notification
requirement.
You’ve got a public relations element as
well. You’ve got to have a comprehensive
incident management plan that covers that
spectrum - that can help you manage the
potential reputation impact that comes out
of this and the sheer cost of this particular
problem that can result in a huge loss of
revenue as customers leave your brand.
Do you have cyber insurance? General
business liability policies typically now
require separate coverage. Have you talked
to your broker to ensure you have the
proper insurance at a competitive price? If
it happens to you, you’ll want to be covered
against what can be significant losses.
Cybersecurity: How to be proactive
Request our Cybersecurity infographic for a more detailed look at the growing number of cyber attacks: bswllc.com/cyber.
Tony Munns
FBCS, CITP, CIRM, CISA
Partner
Risk Advisory Services
tmunns@bswllc.com
© 2014 Brown Smith Wallace

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Cybersecurity: How to be Proactive

Anthony Munns, an IT audit and security partner at Brown Smith Wallace, has more than 20 years of experience with information technology and security, and he has watched the issue of cyber threats grow over the years. He knows the extent to which companies can be affected by cyberattacks. He also knows what they can do to get ahead of threats.

How are companies affected by cyber security breaches?

Organizations are seeing the Target and Michael’s problems where financial information is being compromised, whether it’s credit card details or transactions. They are seeing loss of personal information, which is potentially leading to identity theft, and seeing losses of personally identifiable information (PII), which is compromising their requirements to keep that kind of information secure.

There’s a “who’s next?” type of concern out there. It’s impacting the cost side of things: Are you going to have to conduct investigations, provide notifications? How do you fix your sites and keep yourselves from becoming the next victim? There is the indirect impact: loss of reputation, loss of business and the threat of sanctions being applied to the company.

How have cyber threats become more advanced in recent years?

Pretty well everybody is connected, and it is easier for the people who are trying to break into systems to find targets. What’s evolved is the type of people that are doing the targeting now has changed. You’ve got a couple of major new players out there in terms of organized crime, which is now not just after the value of financial information, but also the value of PII and medical information because they can use that data to generate money as well. And you’ve got the state-sponsored attacks - the Chinese intellectual property attacks, for example, that are going on.

Now, it’s not just the high-profile companies that are being targeted. It’s more a crime of opportunity where they control a large number of sites and can go for where the weaknesses are in the system and exploit those known weaknesses.

What can companies do to prevent and detect a cyber security breach before it happens?

You have to be far more cognizant of the potential risk that is involved with the use of technology, and you’ve got to understand that risk and put the appropriate steps in place to prevent yourself from being vulnerable.

First, you should conduct a security risk assessment to understand where the potential weak points are in your security infrastructure. You should ensure that you’ve got employee awareness of the risks of the different types and methods of accessing systems. We’ve talked about the system vulnerabilities: A lot of those are making sure you are on the latest version of operating systems and making sure your components are updated, and that all the patches have been applied to keep this risk low.

An IT assessment conducted by an outside expert will provide objective insight and help tremendously in terms of blocking attacks and making sure your company is at the level where your risk is reduced so that only the most determined attacker might get into your organization.

Have you considered encrypting your data? This capability is built into operating systems today for many different platforms. Do you have a bring-your-own-device policy as an organization? Do you have appropriate measures in place that the employee has to agree to in terms of being required to have a password on the device? For example, do you require a remote wipe if that device is lost or stolen?

What should companies do to remediate the damages of a security breach?

You’ve got to ensure that you have the appropriate tools in place to monitor and detect breaches within your system. Do you have a procedure where you monitor your security logs? Do you have a data leak prevention approach? Do you know if data is being taken outside of your organization?

The second piece is do you have an incident management plan. You need to talk to your legal people. You’ve got a lot of implications as far as compliance and regulations. A lot of companies are in industries that have to be compliant. Forty-six states have data breach laws. The chances are you’re either operating in a state or your customers are in a state that has a data breach notification requirement.

You’ve got a public relations element as well. You’ve got to have a comprehensive incident management plan that covers that spectrum - that can help you manage the potential reputation impact that comes out of this and the sheer cost of this particular problem that can result in a huge loss of revenue as customers leave your brand.

Do you have cyber insurance? General business liability policies typically now require separate coverage. Have you talked to your broker to ensure you have the proper insurance at a competitive price? If it happens to you, you’ll want to be covered against what can be significant losses.

Request our Cybersecurity infographic for a more detailed look at the growing number of cyber attacks: bswllc.com/cyber.

Tony Munns, FBCS, CITP, CIRM, CISA
Partner, Risk Advisory Services
tmunns@bswllc.com

© 2014 Brown Smith Wallace