{"id":1249,"date":"2019-02-15T10:32:02","date_gmt":"2019-02-15T10:32:02","guid":{"rendered":"http:\/\/kusuaks7\/?p=854"},"modified":"2023-07-26T15:45:03","modified_gmt":"2023-07-26T15:45:03","slug":"what-s-your-1-cybersecurity-priority","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/iot\/what-s-your-1-cybersecurity-priority\/","title":{"rendered":"What&#8217;s Your #1 Cybersecurity Priority?"},"content":{"rendered":"<p>It turns out that answering this question is harder than it seems at first blush.<\/p>\n<p>But there is no shortage of suggestions:<\/p>\n<ul>\n<li>Ensure 100% of patch updates on open source software (homage to Equifax)<\/li>\n<li>Create a new board-level committee on cyber security (just like compensation or audit)<\/li>\n<li>Establish a baseline cyber security exposure measure<\/li>\n<li>Add cyber security responsibilities to your HR processes (job descriptions, on-boarding, training, performance reviews)<\/li>\n<li>Implement recovery and remediation processes in case of a breach<\/li>\n<li>Deploy edge security for early detection<\/li>\n<\/ul>\n<h3><strong>A Difficult Question, It Is<\/strong><\/h3>\n<p>For most business executives (and Yoda), the answer to this question is becoming increasingly complex.<\/p>\n<p>The constant stream of new cybersecurity technologies and security acronyms (DLP, APT, GRC, EDR, EUBA, etc.) can be mind-numbing to &#8220;mere mortals.&#8221;<\/p>\n<p>At the same time, good cybersecurity hygiene is a requirement in our digital connected world. 
Threats are growing daily &#8211; from new IoT devices to employee and business partner exposures.<\/p>\n<p align=\"center\"><em>Last year was terrible for corporate victims of cyberattacks, with many large organizations making headlines over reports of major breaches. Ransomware attacks quadrupled to 4,000 per day from 2015 to 2016, according to the\u00a0<a href=\"https:\/\/www.justice.gov\/criminal-ccips\/file\/872771\/download\" target=\"_blank\" rel=\"noopener noreferrer\">U.S. Department of Justice<\/a>.<\/em><\/p>\n<p align=\"center\"><em><a href=\"https:\/\/www.forbes.com\/sites\/eycybersecurity\/2017\/03\/20\/why-cybersecurity-should-be-a-no-1-business-priority-for-2017\/#1fc750ae1719\" target=\"_blank\" rel=\"noopener noreferrer\">Why Cybersecurity Should Be A No. 1 Business Priority For 2017<\/a><\/em><\/p>\n<h3><strong>Where Do I Start?<\/strong><\/h3>\n<p>While it&#8217;s clear that cybersecurity needs to be more mainstream, many executives just don&#8217;t know where to start.<\/p>\n<p>Unfortunately, this means that a high percentage of companies are not even taking the basic steps.<\/p>\n<p align=\"center\"><em>The top 10 external vulnerabilities accounted for nearly 52 percent of all identified external vulnerabilities.\u00a0Thousands of vulnerabilities account for the other 48 percent.<\/em><\/p>\n<p align=\"center\"><em>The top 10 internal vulnerabilities accounted for over 78 percent of all internal vulnerabilities during 2015.\u00a0All 10 internal vulnerabilities are directly related to\u00a0outdated patch levels\u00a0on the target systems.<\/em><\/p>\n<p align=\"center\"><em><a href=\"https:\/\/heimdalsecurity.com\/blog\/10-critical-corporate-cyber-security-risks-a-data-driven-list\/\" target=\"_blank\" rel=\"noopener noreferrer\">Heimdal Security Blog &amp; NTT Threat Intelligence Report<\/a><\/em><\/p>\n<h3><strong>Start With Your Business Risks<\/strong><\/h3>\n<p>Begin with your business goals and objectives.<\/p>\n<p>Risks (not just 
cyber-related) can then be identified and prioritized based on business impact (revenue, expense, and profitability).<\/p>\n<p>Risks should include events or activities that will prevent you from achieving your goals and\/or increase the probability of achieving those same goals.<\/p>\n<p align=\"center\"><em>According to\u00a0Allianz, the top three business risks are: 1) Business interruption (incl. supply chain disruption and vulnerability); 2) Market developments (volatility, intensified competition\/new entrants, M&amp;A, market stagnation, market fluctuation); and 3) Cyber incidents (cyber crime, IT failure, data breaches, etc.).<\/em><\/p>\n<h3><strong>Identify and Prioritize Your IT and OT Risk<\/strong><\/h3>\n<p>The possible IT\/OT risks and opportunities are numerous and complex.<\/p>\n<p>But your list does not need to be perfect. Just start somewhere.<\/p>\n<p>What might be &#8220;newsworthy&#8221; may or may not actually be important or applicable to your business.<\/p>\n<p align=\"center\"><em>News flashes and sound bites are constantly calling our attention to the latest hacks or threats to our cybersecurity that seem to be filling our social media news feeds and television reporting circuits.<\/em><\/p>\n<p align=\"center\"><em><a href=\"https:\/\/www.forbes.com\/sites\/robertadams\/2017\/04\/04\/top-online-threats-to-your-cybersecurity-and-how-to-deal-with-them\/#32c1aa8031be\" target=\"_blank\" rel=\"noopener noreferrer\">Top Online Threats To Your Cybersecurity And How To Deal With Them<\/a><\/em><\/p>\n<h3><strong>Baseline Your IT\/OT Risk<\/strong><\/h3>\n<p>There is no single right way to create such a list or to measure the risks on it.<\/p>\n<p>There are many options, ranging from qualitative surveys (@<a href=\"https:\/\/www.cyberriskopportunities.com\/cyber-risk-solutions\/\" target=\"_blank\" 
rel=\"noopener noreferrer\">tenable<\/a>).<\/p>\n<p>Recently, a\u00a0<a href=\"https:\/\/www.insurancejournal.com\/news\/national\/2017\/06\/21\/455258.htm\" target=\"_blank\" rel=\"noopener noreferrer\">cyber equivalent of a FICO credit score<\/a>\u00a0was proposed.<\/p>\n<p><a href=\"https:\/\/www.nist.gov\/cyberframework\" target=\"_blank\" rel=\"noopener noreferrer\">NIST<\/a>\u00a0has also published a framework to capture cybersecurity-related risk.<\/p>\n<p>Focus on establishing a quantitative measure (e.g., the likelihood of the occurrence and the potential impact of such an event).<\/p>\n<p>Even if such a measure is subjective, it will be invaluable in prioritizing.<\/p>\n<p>Given your\u00a0<a href=\"https:\/\/krebsonsecurity.com\/2015\/04\/whats-your-security-maturity-level\/\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity maturity<\/a>, the level of precision will vary, so don&#8217;t worry about it being perfect to start.<\/p>\n<h3><strong>Creating and Implementing a Plan<\/strong><\/h3>\n<p>Your analysis will likely have more than one prioritized action.<\/p>\n<p>Pick just a few &#8212; start small and get some wins under your belt.<\/p>\n<p>Remember, cybersecurity is as much a management issue as a technology one.<\/p>\n<p>No matter where you start, it&#8217;s better than not starting at all.<\/p>\n<p>Your plan can and should always be evolving.<\/p>\n<h3><strong>KISS &#8211; Your Cybersecurity Priorities &amp; Plan<\/strong><\/h3>\n<ol>\n<li>Start with a clear understanding of your business objectives.<\/li>\n<li>Identify potential risks.<\/li>\n<li>Prioritize a limited number of cybersecurity risks based on your IT\/OT deployments.<\/li>\n<li>Design, deliver and manage a plan (people, process and technology).<\/li>\n<li>Wash, rinse and repeat.<\/li>\n<\/ol>\n<p><em>May the force be with you.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Good cybersecurity hygiene is a requirement in our digital connected world. 
Threats are growing daily &#8211; from new IoT devices to employee and business partner exposures. While it&#8217;s clear that cybersecurity needs to be more mainstream, many executives just don&#8217;t know where to start. Begin with your business goals and objectives.<\/p>\n","protected":false},"author":175,"featured_media":2650,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[195],"tags":[93],"ppma_author":[1706],"class_list":["post-1249","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot","tag-internet-of-things"],"authors":[{"term_id":1706,"user_id":175,"is_guest":0,"slug":"michael-riemer","display_name":"Michael Riemer","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","user_url":"","last_name":"Riemer","first_name":"Michael","job_title":"","description":"Michael Riemer is Principal \/ Advisor (Enterprise IoT, Insur\/Fin-Tech, MarTech, MedTech) at ABJJ Consulting. 
&nbsp;He has more than 30 years of building companies, teams, products, programs and relationships that deliver valuable customer outcomes.&nbsp; He is a regularly requested speaker, author, and industry authority on Industrial IoT and Digital Transformation."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/175"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=1249"}],"version-history":[{"count":5,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1249\/revisions"}],"predecessor-version":[{"id":29607,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1249\/revisions\/29607"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/2650"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=1249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=1249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=1249"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}