Byline: Lenny Chesal, Chief Evangelist for Host.net
On Tuesday, May 24th, I attended an information breakfast as part of the National Leadership Institute’s Thought Leaders Series with Brigadier General Gregory J. Touhill (ret.), presented by the Greater Boca Raton Chamber of Commerce. Touhill is currently Deputy Assistant Secretary for Cybersecurity & Communications at the US Department of Homeland Security/National Protection & Programs Directorate. The subject of his talk was extremely timely given the recent proliferation of ransomware programs shaking down large corporations to regain control of their data.
Deputy Assistant Touhill stressed the importance of “Know your enemy and know your business” when it comes to computerized assets: your data and IP are just as important as tangible assets. Touhill went on to lay out five enemies of corporate data, starting with reputation threat, followed by malware/identity theft, then malicious cyber bullies, intellectual theft and, finally, internal threats due to careless, negligent or indifferent employees – one of the more conventional forms of abuse.
Helmuth von Moltke the Younger, who served as the Chief of the German General Staff right before WWI, once said, “He who defends everything, defends nothing.” This is exactly the message Touhill conveyed: focus on what’s most important and address the security and protection of just that. It’s critical to build a strategy and make sure your company knows it. Gather your team, establish best practices, ensure their implementation through education, and perform annual cybersecurity audits.
Be certain to monitor and respond to cybersecurity through established metrics, train your team and hire well. Perform background checks, test your employees and perform exercises. Current statistics show that it takes half a year from infection to detection. A lot can happen in 6 months!
Don’t forget to watch your back door for former employees who have set up holes; to protect your backside, audit them after they leave. Don’t be unprepared or surprised when this occurs; plan for the events by sending out notices when incidents occur, and prepare PRs in advance. The late legendary Green Bay Packers coach, Vince Lombardi, said, “Perfect practice makes perfect.”
Train, Test, Repeat, and Repeat!
For more information on the Computer Emergency Readiness Team (available 24/7) go to: https://www.us-cert.gov.