Anthony Munns, an IT audit and
security partner at Brown Smith
Wallace, has more than 20 years
of experience with information technology
and security, and he has watched the issue
of cyber threats grow over the years. He
knows the extent to which companies can
be affected by cyberattacks. He also knows
what they can do to get ahead of threats.
How are companies affected by cyber
security breaches?
Organizations are seeing the Target
and Michael’s problems where financial
information is being compromised, whether
it’s credit card details or transactions. They
are seeing loss of personal information,
which is potentially leading to identity
theft, and seeing losses of personally
identifiable information (PII), which is
compromising their requirements to keep
that kind of information secure.
There’s a “who’s next?” type of concern
out there. It’s impacting the cost side of
things: Are you going to have to conduct
investigations, provide notifications? How
do you fix your sites and keep yourselves
from becoming the next victim? There is the
indirect impact: loss of reputation, loss of
business and the threat of sanctions being
applied to the company.
How have cyber threats become more
advanced in recent years?
Pretty well everybody is connected, and it
is easier for the people who are trying to
break into systems to find targets. What’s
evolved is that the type of people doing
the targeting has now changed. You’ve got
a couple of major new players out there in
terms of organized crime, which is now not
just after the value of financial information,
but also the value of PII and medical
information because they can use that data
to generate money as well. And you’ve got
the state-sponsored attacks - the Chinese
intellectual property attacks, for example,
that are going on.
Now, it’s not just the high-profile companies
that are being targeted. It’s more a crime
of opportunity where they control a large
number of sites and can go for where the
weaknesses are in the system and exploit
those known weaknesses.
What can companies do to prevent
and detect a cyber security breach
before it happens?
You have to be far more cognizant of the
potential risk that is involved with the use of
technology, and you’ve got to understand
that risk and put the appropriate steps
in place to prevent yourself from being
vulnerable.
First, you should conduct a security risk
assessment to understand where the
potential weak points are in your security
infrastructure. You should ensure that
you’ve got employee awareness of the
risks of the different types and methods of
accessing systems. We’ve talked about the
system vulnerabilities: A lot of those are
making sure you are on the latest version
of operating systems and making sure your
components are updated, and that all the
patches have been applied to keep this risk
low.
An IT assessment conducted by an outside
expert will provide objective insight and
help tremendously in terms of blocking
attacks and making sure your company is at
the level where your risk is reduced so that
only the most determined attacker might
get into your organization.
Have you considered encrypting your
data? This capability is built into operating
systems today for many different platforms.
Do you have a bring-your-own-device
policy as an organization? Do you have
appropriate measures in place that the
employee has to agree to in terms of being
required to have a password on the device?
For example, do you require a remote wipe
if that device is lost or stolen?
What should companies do to
remediate the damages of a security
breach?
You’ve got to ensure that you have the
appropriate tools in place to monitor and
detect breaches within your system. Do
you have a procedure where you monitor
your security logs? Do you have a data leak
prevention approach? Do you know if data
is being taken outside of your organization?
The second piece is: Do you have an incident
management plan? You need to talk to your
legal people. You’ve got a lot of implications
as far as compliance and regulations. A lot
of companies are in industries that have
to be compliant. Forty-six states have data
breach laws. The chances are you’re either
operating in a state or your customers are
in a state that has a data breach notification
requirement.
You’ve got a public relations element as
well. You’ve got to have a comprehensive
incident management plan that covers that
spectrum - that can help you manage the
potential reputation impact that comes out
of this and the sheer cost of this particular
problem that can result in a huge loss of
revenue as customers leave your brand.
Do you have cyber insurance? General
business liability policies typically now
require separate coverage. Have you talked
to your broker to ensure you have the
proper insurance at a competitive price? If
it happens to you, you’ll want to be covered
against what can be significant losses.
Cybersecurity: How to be proactive
Request our Cybersecurity
infographic for a more detailed
look at the growing number of
cyber attacks: bswllc.com/cyber.
INFOGRAPHIC
Tony Munns
FBCS, CITP, CIRM, CISA
Partner
Risk Advisory Services
tmunns@bswllc.com
© 2014 Brown Smith Wallace

More Related Content

What's hot

Website security
Website securityWebsite security
Website security
RIPPER95
 
ransomware_infographic-6-2016
ransomware_infographic-6-2016ransomware_infographic-6-2016
ransomware_infographic-6-2016
Sal Rodriguez
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of Security
DM_GS
 
Human Risk Management
Human Risk ManagementHuman Risk Management
Human Risk Management
John Grennan
 
Why Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level PriorityWhy Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level Priority
David Mai, MBA
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cybera Inc.
 
Course Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemCourse Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information System
Theodore Le
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
Kashif Ali
 
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsPhish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
ObserveIT
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Logikcull.com
 
Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?
ObserveIT
 
29386971 hacking
29386971 hacking29386971 hacking
29386971 hacking
joeymar143
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
GuardEra Access Solutions, Inc.
 
Phishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAMPhishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAM
Courion Corporation
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling Access
BeyondTrust
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
DMI
 
Jonathan raymond 2010 rotman telus - atlseccon2011
Jonathan raymond   2010 rotman telus - atlseccon2011Jonathan raymond   2010 rotman telus - atlseccon2011
Jonathan raymond 2010 rotman telus - atlseccon2011
Atlantic Security Conference
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
BeyondTrust
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
Bhadra Gowdra
 
Class4 Security
Class4 SecurityClass4 Security
Class4 Security
RMS
 

What's hot (20)

Website security
Website securityWebsite security
Website security
 
ransomware_infographic-6-2016
ransomware_infographic-6-2016ransomware_infographic-6-2016
ransomware_infographic-6-2016
 
Evolution of Security
Evolution of SecurityEvolution of Security
Evolution of Security
 
Human Risk Management
Human Risk ManagementHuman Risk Management
Human Risk Management
 
Why Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level PriorityWhy Insider Threat is a C-Level Priority
Why Insider Threat is a C-Level Priority
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
 
Course Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemCourse Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information System
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsPhish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
 
Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?
 
29386971 hacking
29386971 hacking29386971 hacking
29386971 hacking
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
 
Phishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAMPhishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAM
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling Access
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
 
Jonathan raymond 2010 rotman telus - atlseccon2011
Jonathan raymond   2010 rotman telus - atlseccon2011Jonathan raymond   2010 rotman telus - atlseccon2011
Jonathan raymond 2010 rotman telus - atlseccon2011
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Class4 Security
Class4 SecurityClass4 Security
Class4 Security
 

Viewers also liked

Cybersecurity: A Vital Concern for Today's Companies
Cybersecurity: A Vital Concern for Today's CompaniesCybersecurity: A Vital Concern for Today's Companies
Cybersecurity: A Vital Concern for Today's Companies
Brown Smith Wallace
 
How to Develop an Internal Control Manual
How to Develop an Internal Control ManualHow to Develop an Internal Control Manual
How to Develop an Internal Control Manual
Brown Smith Wallace
 
A Partnership You Can Bank On
A Partnership You Can Bank OnA Partnership You Can Bank On
A Partnership You Can Bank On
Brown Smith Wallace
 
Disaster recovery and Preparedness Infographic
Disaster recovery and Preparedness Infographic Disaster recovery and Preparedness Infographic
Disaster recovery and Preparedness Infographic
Brown Smith Wallace
 
The New Imperative: Benchmarking Your 401(k) Plan
The New Imperative: Benchmarking Your 401(k) PlanThe New Imperative: Benchmarking Your 401(k) Plan
The New Imperative: Benchmarking Your 401(k) Plan
Brown Smith Wallace
 
Credit limitincreaseform
Credit limitincreaseformCredit limitincreaseform
Credit limitincreaseform
Jeevan Anthony
 
FindYourWayInTheWorld Social Media Course: TasteTheFood
FindYourWayInTheWorld Social Media Course: TasteTheFoodFindYourWayInTheWorld Social Media Course: TasteTheFood
FindYourWayInTheWorld Social Media Course: TasteTheFood
JcMETAV
 
FindYourWayInTheWorld Social Media Course: PlayTheGame
FindYourWayInTheWorld Social Media Course: PlayTheGameFindYourWayInTheWorld Social Media Course: PlayTheGame
FindYourWayInTheWorld Social Media Course: PlayTheGame
JcMETAV
 
Blogging 101: URJ Social Media Boot Camp
Blogging 101: URJ Social Media Boot CampBlogging 101: URJ Social Media Boot Camp
Blogging 101: URJ Social Media Boot Camp
Lisa Colton
 
Meta soft corporate profile
Meta soft  corporate profileMeta soft  corporate profile
Meta soft corporate profile
Metasoft Solutions Pvt Ltd
 
Policy recommendations and considerations on peatlands & REDD+ for SBSTA
Policy recommendations and considerations on peatlands & REDD+ for SBSTAPolicy recommendations and considerations on peatlands & REDD+ for SBSTA
Policy recommendations and considerations on peatlands & REDD+ for SBSTA
Wetlands International
 
CRM AddOn Dial IT eCast
CRM AddOn Dial IT eCastCRM AddOn Dial IT eCast
CRM AddOn Dial IT eCast
patrick_m
 
Aperture card scanners in ontario - mes hybrid
Aperture card scanners in ontario  - mes hybridAperture card scanners in ontario  - mes hybrid
Aperture card scanners in ontario - mes hybrid
MES Hybrid
 
Clad agm intro_dave_gilvear
Clad agm intro_dave_gilvearClad agm intro_dave_gilvear
Clad agm intro_dave_gilvear
CarbonLandscapes
 
Clad oct09 jdawson
Clad oct09 jdawsonClad oct09 jdawson
Clad oct09 jdawson
CarbonLandscapes
 
Behaviour in Holland
Behaviour in HollandBehaviour in Holland
Behaviour in Holland
BELLExHOI
 

Viewers also liked (16)

Cybersecurity: A Vital Concern for Today's Companies
Cybersecurity: A Vital Concern for Today's CompaniesCybersecurity: A Vital Concern for Today's Companies
Cybersecurity: A Vital Concern for Today's Companies
 
How to Develop an Internal Control Manual
How to Develop an Internal Control ManualHow to Develop an Internal Control Manual
How to Develop an Internal Control Manual
 
A Partnership You Can Bank On
A Partnership You Can Bank OnA Partnership You Can Bank On
A Partnership You Can Bank On
 
Disaster recovery and Preparedness Infographic
Disaster recovery and Preparedness Infographic Disaster recovery and Preparedness Infographic
Disaster recovery and Preparedness Infographic
 
The New Imperative: Benchmarking Your 401(k) Plan
The New Imperative: Benchmarking Your 401(k) PlanThe New Imperative: Benchmarking Your 401(k) Plan
The New Imperative: Benchmarking Your 401(k) Plan
 
Credit limitincreaseform
Credit limitincreaseformCredit limitincreaseform
Credit limitincreaseform
 
FindYourWayInTheWorld Social Media Course: TasteTheFood
FindYourWayInTheWorld Social Media Course: TasteTheFoodFindYourWayInTheWorld Social Media Course: TasteTheFood
FindYourWayInTheWorld Social Media Course: TasteTheFood
 
FindYourWayInTheWorld Social Media Course: PlayTheGame
FindYourWayInTheWorld Social Media Course: PlayTheGameFindYourWayInTheWorld Social Media Course: PlayTheGame
FindYourWayInTheWorld Social Media Course: PlayTheGame
 
Blogging 101: URJ Social Media Boot Camp
Blogging 101: URJ Social Media Boot CampBlogging 101: URJ Social Media Boot Camp
Blogging 101: URJ Social Media Boot Camp
 
Meta soft corporate profile
Meta soft  corporate profileMeta soft  corporate profile
Meta soft corporate profile
 
Policy recommendations and considerations on peatlands & REDD+ for SBSTA
Policy recommendations and considerations on peatlands & REDD+ for SBSTAPolicy recommendations and considerations on peatlands & REDD+ for SBSTA
Policy recommendations and considerations on peatlands & REDD+ for SBSTA
 
CRM AddOn Dial IT eCast
CRM AddOn Dial IT eCastCRM AddOn Dial IT eCast
CRM AddOn Dial IT eCast
 
Aperture card scanners in ontario - mes hybrid
Aperture card scanners in ontario  - mes hybridAperture card scanners in ontario  - mes hybrid
Aperture card scanners in ontario - mes hybrid
 
Clad agm intro_dave_gilvear
Clad agm intro_dave_gilvearClad agm intro_dave_gilvear
Clad agm intro_dave_gilvear
 
Clad oct09 jdawson
Clad oct09 jdawsonClad oct09 jdawson
Clad oct09 jdawson
 
Behaviour in Holland
Behaviour in HollandBehaviour in Holland
Behaviour in Holland
 

Similar to Cybersecurity: How to be Proactive

Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
John Bambenek
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
TheWalkerGroup1
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
SecurityMetrics
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdf
gokuforhelp
 
Ethical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxEthical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docx
GogoOmolloFrancis
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
Brian Pichman
 
Copy of The Ongoing Threat of Ransomware on Small to Medium-Si
Copy of The Ongoing Threat of Ransomware on Small to Medium-SiCopy of The Ongoing Threat of Ransomware on Small to Medium-Si
Copy of The Ongoing Threat of Ransomware on Small to Medium-Si
AlleneMcclendon878
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
Mark Bennett
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
CBIZ, Inc.
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
DMIMarketing
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
Bala Guntipalli ♦ MBA
 
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdfInsider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Enterprise Insider
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
Grant Thornton LLP
 
How to protect your company from cyber attacks
How to protect your company from cyber attacksHow to protect your company from cyber attacks
How to protect your company from cyber attacks
Company
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
Matthew Pascucci
 
Cybersecurity awareness.pdf
Cybersecurity awareness.pdfCybersecurity awareness.pdf
Cybersecurity awareness.pdf
CRO Cyber Rights Organization
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
EMC
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptx
CompanySeceon
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
Dominic Vogel
 

Similar to Cybersecurity: How to be Proactive (20)

Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
security-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdfsecurity-team-guide-reducing-operational-risk.pdf
security-team-guide-reducing-operational-risk.pdf
 
Ethical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxEthical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docx
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
 
Copy of The Ongoing Threat of Ransomware on Small to Medium-Si
Copy of The Ongoing Threat of Ransomware on Small to Medium-SiCopy of The Ongoing Threat of Ransomware on Small to Medium-Si
Copy of The Ongoing Threat of Ransomware on Small to Medium-Si
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...Internal or insider threats are far more dangerous than the external - bala g...
Internal or insider threats are far more dangerous than the external - bala g...
 
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdfInsider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
Insider Threats_ Top Four Ways to Protect Enterprises - ITSecurityWire.pdf
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
How to protect your company from cyber attacks
How to protect your company from cyber attacksHow to protect your company from cyber attacks
How to protect your company from cyber attacks
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Cybersecurity awareness.pdf
Cybersecurity awareness.pdfCybersecurity awareness.pdf
Cybersecurity awareness.pdf
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptx
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
 

More from Brown Smith Wallace

Retail Industry Advisory Services
Retail Industry Advisory ServicesRetail Industry Advisory Services
Retail Industry Advisory Services
Brown Smith Wallace
 
Cost Segregation
Cost SegregationCost Segregation
Cost Segregation
Brown Smith Wallace
 
Paying Income Taxes Can Reduce Estate Taxes
Paying Income Taxes Can Reduce Estate TaxesPaying Income Taxes Can Reduce Estate Taxes
Paying Income Taxes Can Reduce Estate Taxes
Brown Smith Wallace
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0
Brown Smith Wallace
 
Connect the Dots to Create Value
Connect the Dots to Create ValueConnect the Dots to Create Value
Connect the Dots to Create Value
Brown Smith Wallace
 
Estate Planning
Estate PlanningEstate Planning
Estate Planning
Brown Smith Wallace
 
BSW Family of Services
BSW Family of Services BSW Family of Services
BSW Family of Services
Brown Smith Wallace
 
Employer and Employee Costs for Various Health Plan Types
Employer and Employee Costs for Various Health Plan TypesEmployer and Employee Costs for Various Health Plan Types
Employer and Employee Costs for Various Health Plan Types
Brown Smith Wallace
 
Value Stream Mapping: How to Identify and Reduce Waste
Value Stream Mapping: How to Identify and Reduce WasteValue Stream Mapping: How to Identify and Reduce Waste
Value Stream Mapping: How to Identify and Reduce Waste
Brown Smith Wallace
 
The 6 Must-Haves for Your Cyber Security Policy
The 6 Must-Haves for Your Cyber Security PolicyThe 6 Must-Haves for Your Cyber Security Policy
The 6 Must-Haves for Your Cyber Security Policy
Brown Smith Wallace
 
Phishing Statistics
Phishing StatisticsPhishing Statistics
Phishing Statistics
Brown Smith Wallace
 
Brown Smith Wallace Cyber Security Infographic
Brown Smith Wallace Cyber Security InfographicBrown Smith Wallace Cyber Security Infographic
Brown Smith Wallace Cyber Security Infographic
Brown Smith Wallace
 
Overcoming Tax Challenges
Overcoming Tax ChallengesOvercoming Tax Challenges
Overcoming Tax Challenges
Brown Smith Wallace
 
Financial Fitness February 2016
Financial Fitness February 2016Financial Fitness February 2016
Financial Fitness February 2016
Brown Smith Wallace
 
Financial fitness oct 2015
Financial fitness oct 2015Financial fitness oct 2015
Financial fitness oct 2015
Brown Smith Wallace
 
Financial Fitness August 2015
Financial Fitness August 2015Financial Fitness August 2015
Financial Fitness August 2015
Brown Smith Wallace
 
Brown Smith Wallace IC-DISC
Brown Smith Wallace IC-DISCBrown Smith Wallace IC-DISC
Brown Smith Wallace IC-DISC
Brown Smith Wallace
 
Brown Smith Wallace Selling Your Business
Brown Smith Wallace Selling Your BusinessBrown Smith Wallace Selling Your Business
Brown Smith Wallace Selling Your Business
Brown Smith Wallace
 
Cybersecurity: How to be Proactive

Anthony Munns, an IT audit and security partner at Brown Smith Wallace, has more than 20 years of experience with information technology and security, and he has watched the issue of cyber threats grow over the years. He knows the extent to which companies can be affected by cyberattacks. He also knows what they can do to get ahead of threats.

How are companies affected by cyber security breaches?

Organizations are seeing the Target and Michael’s problems where financial information is being compromised, whether it’s credit card details or transactions. They are seeing loss of personal information, which is potentially leading to identity theft, and seeing losses of personally identifiable information (PII), which is compromising their requirements to keep that kind of information secure.

There’s a “who’s next?” type of concern out there. It’s impacting the cost side of things: Are you going to have to conduct investigations, provide notifications? How do you fix your sites and keep yourselves from becoming the next victim? There is the indirect impact: loss of reputation, loss of business and the threat of sanctions being applied to the company.

How have cyber threats become more advanced in recent years?

Pretty well everybody is connected, and it is easier for the people who are trying to break into systems to find targets. What’s evolved is the type of people that are doing the targeting now has changed. You’ve got a couple of major new players out there in terms of organized crime, which is now not just after the value of financial information, but also the value of PII and medical information because they can use that data to generate money as well. And you’ve got the state-sponsored attacks - the Chinese intellectual property attacks, for example, that are going on.

Now, it’s not just the high-profile companies that are being targeted. It’s more a crime of opportunity where they control a large number of sites and can go for where the weaknesses are in the system and exploit those known weaknesses.

What can companies do to prevent and detect a cyber security breach before it happens?

You have to be far more cognizant of the potential risk that is involved with the use of technology, and you’ve got to understand that risk and put the appropriate steps in place to prevent yourself from being vulnerable.

First, you should conduct a security risk assessment to understand where the potential weak points are in your security infrastructure. You should ensure that you’ve got employee awareness of the risks of the different types and methods of accessing systems. We’ve talked about the system vulnerabilities: A lot of those are making sure you are on the latest version of operating systems and making sure your components are updated, and that all the patches have been applied to keep this risk low.

An IT assessment conducted by an outside expert will provide objective insight and help tremendously in terms of blocking attacks and making sure your company is at the level where your risk is reduced so that only the most determined attacker might get into your organization.

Have you considered encrypting your data? This capability is built into operating systems today for many different platforms. Do you have a bring-your-own-device policy as an organization? Do you have appropriate measures in place that the employee has to agree to in terms of being required to have a password on the device? For example, do you require a remote wipe if that device is lost or stolen?

What should companies do to remediate the damages of a security breach?

You’ve got to ensure that you have the appropriate tools in place to monitor and detect breaches within your system. Do you have a procedure where you monitor your security logs? Do you have a data leak prevention approach? Do you know if data is being taken outside of your organization?

The second piece is do you have an incident management plan. You need to talk to your legal people. You’ve got a lot of implications as far as compliance and regulations. A lot of companies are in industries that have to be compliant. Forty-six states have data breach laws. The chances are you’re either operating in a state or your customers are in a state that has a data breach notification requirement.

You’ve got a public relations element as well. You’ve got to have a comprehensive incident management plan that covers that spectrum - that can help you manage the potential reputation impact that comes out of this and the sheer cost of this particular problem that can result in a huge loss of revenue as customers leave your brand.

Do you have cyber insurance? General business liability policies typically now require separate coverage. Have you talked to your broker to ensure you have the proper insurance at a competitive price? If it happens to you, you’ll want to be covered against what can be significant losses.

Request our Cybersecurity infographic for a more detailed look at the growing number of cyber attacks: bswllc.com/cyber.

Tony Munns, FBCS, CITP, CIRM, CISA
Partner, Risk Advisory Services
tmunns@bswllc.com

© 2014 Brown Smith Wallace