Avoid The Headlines!

This past February at Pink15 I expressed the opinion that it's time we paid more attention to the increasingly diverse threats to our cyber assets. The justification for this has never been more obvious. Every single day - and I mean EVERY SINGLE DAY! - there are new stories of data, services or infrastructure being compromised. The causes? Either our own carelessness and complacency, or the mischief-makers! (Could be cyber criminals, or could be thrill-seeking youngsters with some new skills and too much time on their hands).

If you still need convincing, set your browser's Home Page to Information Week's "Dark Reading" website for a few days and see what pops up every morning. Also, take a look at the FireEye website with the real-time threat map depicting hacks-in-action. Or this one here from Kaspersky.

It's time to acknowledge this is a vital issue. And when I say "vital" I really mean VITAL. In the military when something is "vital" it means "get it done, or we die". For us in business, paying attention to cyber threats by doing risk management and building resiliency is vital. If we don't do it - we could go out of business. According to Inc., 60% of small businesses will fail within 6 months of a cyber attack. It's as simple as that.

Of course when we hear about organizations like ....

Target - who had credit card details of up to 70m customers stolen

Sony - who suffered 3 separate high-profile breaches in 2014. (You can find more information yourself by doing your own web search with the keywords "Sony" and "cyber breach", because, who knows, there may be even more than 3 by the time you read this!)

JP Morgan - who - as a result of hacking - had personal records of 76m households and 7m small businesses stolen

US Department of Veterans Affairs - who paid out $20m to settle a class action lawsuit because an employee lost a laptop containing a database of 26.5m personal records of veterans and active duty personnel

.... we think "Well that's their problem. Nothing to do with me!"

Really? According to Misha Glenny - the opening keynote speaker at our upcoming Cyber Risk & Resilience Summit in June - "There are two types of organizations. Those who know they've been hacked. And those who don't know they've been hacked." So even putting aside the risks to our cyber assets through our own carelessness (losing a laptop) and complacency ("it can't happen to us") - according to Glenny, we're ALL going to be hacked at some point!

So isn't it time you made the effort to learn more about the scope of this problem, and what you can do about it? You can start by coming along to the Summit in June. We can't promise your organization will not "hit the headlines", but what we can promise is that when it does happen, what you learn at the Summit will have helped you to minimize the damage. That's what we mean by "cyber resilience".


Comments

Hi David
I dig the importance of cyber security.
And you guys are really good at targeting key issues that deserve a conference, e.g. the PINKFORUM leadership conference (a really great conf, BTW).

But is it any more important than say BCP and DR?  Seems to me there are as many orgs taking as many risks with this issue.
Or my favourite #1 issue: organisational change in IT.

Does cybersecurity really stand out from the other major challenges IT faces right now?

The IT Skeptic | April 25, 2015 at 9:00pm

Thanks, Rob.

In my view cyber IN-security is one of the top issues IT managers should be most concerned with today. Depending on which survey, report or opinion you read it’s either 1st, 2nd, 3rd or not in the list at all! And lack of cyber resilience has a direct impact on IT performance and business value.

I make no apology for labouring the point that we need to address the resilience of our cyber assets, not just the security of them. The whole premise of “cyber resilience” is hinged on the acceptance that no matter how much security you put in place, there will still be breaches. And it’s your resilience that will minimize the impact.

As for BCP (Business Continuity Planning) and DR (Disaster Recovery) - they are no more important than Cyber Resilience. In each instance we’re talking about Risk Management - our level of preparedness for different types of threats that can cause varying degrees of service/business interruption. I like the term “cyber resilience” because, to me, it can be the overall umbrella term to encompass Security, BCP & DR.

David Ratcliffe, President | April 27, 2015 at 9:53am

Good point about the distinction between security and resilience

The IT Skeptic | April 27, 2015 at 6:23pm

One of the problems the IT industry faces in this area is that the individual IT professional doesn’t yet see value in gaining knowledge (training & certification) in cyber resilience.

The primary beneficiary is the organization. So, until we can convince the most senior people in IT - those accountable for the reliability, availability and cost of IT infrastructure and services - to understand the evolving risks to cyber assets and what can be done to mitigate those risks, we’ll just continue to see embarrassing incidents in the news like those at Sony, Target, JP Morgan, US military, etc. etc.

See the World’s Biggest Data Breaches & Hacks at: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ for a scary look at the scope and scale of what’s happened in the last few years.

David Ratcliffe, President | April 28, 2015 at 5:16pm
