Top 5 Takeaways from Security Solutions Day
Security Solutions Day at Blockland
(December 11, 2019) was a day full of insightful cybersecurity tips. Experts from all industries including– technology, healthcare, financial services, manufacturing, law enforcement, and risk management joined in on the conversation. The overarching theme was that cyber threats are only becoming more sophisticated and everyone’s role is to better protect and prepare their organizations. Here are a few of our biggest takeaways:
Identify the risks within your organization, before a cybercriminal shows them to you.
This was a repeated common thread among all of the sessions, if you don’t identify the risks in your organization’s IT environment, you will only continue to weaken your security profile. Cybercrime is accelerating and the cyber threat landscape is constantly morphing as the adversary aggressively utilizes new technologies and techniques to gain access to your systems through business email compromise, phishing, and other means.
According to a recent IBM/Ponemon report, the average time to identify a breach is 206 days and 73 days to contain a breach, for a total of 279 days.
Improve your data security profile.
A good cyber hygiene is critical to thwarting cyber threats. In fact, cyber hygiene should be just as important and routine as personal hygiene. Having good cyber hygiene protocols is important for both maintenance and security and can be incorporated at any point in a device’s lifecycle. A good cyber hygiene practice helps keep your data organized, safe, and secure from cyberattacks. Are you using multi-factor authentication?
According to a Verizon Data Breach Investigation report, over 70% of employees reuse passwords at work.
Create an Incident Response Plan now rather than during an incident.
Experts told us that most organizations are not prepared for an incident. Rather than running around and making big company decisions during an attack, relieve the stress by creating a plan that is backed up with industry-proven best practices and protocols. It is the job of the organization to be prepared for an IT incident, particularly involving a cyber-attack–it’s not only an IT problem, it’s a business problem.
According to a recent report by the Ponemon Institute, 77% of companies don’t have a Cybersecurity Incident Response Plan.
Cyber Insurance helps you recover from a data breach.
The experts have always said it’s not a matter of if, it’s a matter of when. When you are impacted by a data breach, cyber insurance will help you recover from it. There is a lot of cost associated with a data breach–ransom (if paid), recovery, legal fees, repairing systems and recovering the data, business interruption, and the cost of your brand. It’s also important that if you have a preferred vendor, you add them to your policy–even if they are in-network at the time your policy is created, they may become out of network when you need them.
According to the American Land Title Association report, less than 60% of title companies have cyber insurance.
Create a Crisis Communication Plan to protect your assets and brand.
In the incident of a cyber breach, the last thing you want to do is write a press release on how your organization has been breached. Organizations that wait to respond create uncertainty and anger, ruining the trust you have built. The panel “What do we do now? Elements of an Effective Crisis Communications Plan” showed that writing a crisis communication plan can help ensure a successful outcome when one occurs. Who better to tell the story than you? Because if it’s not you, it’s someone else.
According to a study conducted by ODM Group, only 54% of companies have a developed crisis communication plan in place, despite the fact that 79% of business decision makers believe a crisis is impending within the next 12 months.
If you find yourself unsure on whether your organization is cyber mature, take our cyber maturity assessment: