Risk & Business Magazine General Insurance Service Fall 2021 | Page 6

CYBER SECURITY

Cyber Security Is Not An IT Problem

BY: SCOTT TEMPLIN, CYBER RISK ADVISOR, GENERAL INSURANCE SERVICES

There is no escaping. You cannot turn on the news or open your phone these days without hearing about another cyberattack. From meat suppliers to pipelines, our nation’s resources are being threatened at unprecedented levels, and the scariest part is that every single business regardless of size is at risk. In fact, 88% of all organizations have been the target of an attack—and that number continues to rise.¹

With the average breach costing companies nearly $4 million, how is your business prepared to manage such a massive risk? Unfortunately, the most common method I have found is placing it in the hands of their IT provider. On the surface, this seems like a well-informed decision. Why not have the tech guys who deal with “this stuff” every day be the ones keeping an eye on it? I am here to tell you this couldn’t be further from the truth.
ORGANIZATIONS WHO PLACE CYBERSECURITY RISK MANAGEMENT IN THE HANDS OF THEIR IT DEPARTMENT ARE DOOMED TO FAIL.
Now I am not here to belittle the work of IT professionals. Whether they are in-house or managed by a third party, IT is a critical component to any business’s success. We have an excellent systems admin on our staff, and I have worked with countless other IT personnel over the years who excel at their jobs. The problem comes with the nature of cybersecurity and the specialization that goes into it. To better understand, let’s use a medical world example.
CARDIOLOGIST VS. GENERAL PRACTITIONER
Regular check-ups with your general practitioner to review your health are highly encouraged. Usually, you trust your doctor and listen to their advice. They are someone you can depend on to be there when you need them. However, if something serious happens regarding your heart, then you likely will need to see a cardiologist. This doesn’t mean your general practitioner is not good at what they do, but this ailment requires someone who specializes in it to help you fight the problem.
Cybersecurity follows this exact same path. Your IT team is your general practitioner, working with you to fix day-to-day issues and keep the operation healthy. Cyber risk is the heart disease: an all-encompassing issue to the health of your organization that goes beyond just your IT team. They will play an important role in keeping the disease in check, but the diagnosis and plan of action should be coming from ownership and executives working hand in hand with a team that specializes in cybersecurity.
TRUE CYBER RISK MANAGEMENT DEMANDS EXECUTIVE BUY-IN
“My IT guy says we are good” is not enough in 2021 to protect yourself from the onslaught of phishing attempts, malware, ransomware, and social engineering that plagues organizations of all sizes. A holistic approach to managing your cyber risk involves ownership and executives viewing numerous aspects of their organization to get a better understanding of where they stand and what needs to change.
Here are some questions they can ask themselves to get in the right mind-set:
• Who is accountable for cybersecurity compliance?
• What kind of policies and procedures do we have in place for both before and after a hack?
• What is our data backup and recovery plan? Have we ever tested recovering from backups?
• What are the hard costs associated with machines going down?
• Do we have two-factor authentication in place?
• Are we able to show how our firewall is detecting attempted hacks?
• Do we understand what type of regulatory requirements we are required to meet?
• What kind of security training do we have in place?
• Are we currently assessing and improving our security measures?
Cybersecurity is a business problem that requires a commitment from executive leaders to drive true change in the organization. If your organization is unable to or unsure of how to answer these questions, it is a good sign that you are likely at a high risk for a data breach or attack. Putting together a comprehensive plan to better understand and begin to truly manage your cyber risk can be a tough process, but it is absolutely vital for continued company growth.
For more information, Lachesis will be presenting locally at multiple seminars reviewing appropriate cyber risk management techniques and how organizations should properly assess their current cyber risk profiles.
A graduate of Butler University in 2010, Scott Templin moved to Northwest Indiana when his wife had the opportunity to return to the family farm in Westville. In his free time, Scott loves sports, cats, board games, and spending time with his wife and son.
1. 2020 State of the Phish: An in-depth look at user awareness, vulnerability and resilience (proofpoint.com).