Takin’ Care of Business
The king of rock and roll, Elvis Presley, was famous for “Takin’ Care of Business.” But when it comes to a cybersecurity dashboard, are the right metrics and visibility in place to mount a proper cyber defense? Is your business really cared for and looked after to prevent dangerous cybercrimes? Or are cyber optics just along for the ride? The king of rock and roll, Elvis Presley, was famous for “Takin’ Care of Business.” But when it comes to a cybersecurity dashboard, are the right metrics and visibility in place to mount a proper cyber defense? Is your business really cared for and looked after to prevent dangerous cybercrimes? Or are cyber optics just along for the ride?
Ninety-three percent of construction, engineering, and infrastructure sector executives said their companies had experienced a cyber incident or information theft, loss or attack in the past year—the highest proportion of all sectors surveyed in Kroll’s 2017-2018 Global Fraud & Risk Report1. Additionally, eighty-three percent of these executives reported that their companies fell victim to at least one instance of fraud during the past twelve months – thirteen percentage points higher than last year’s survey.
Nearly four in ten executives surveyed said their companies had been impacted by a virus or worm attack, and thirty-one percent suffered a data breach. Businesses suffered significant economic damage from fraud, with more than a third of respondents reporting losses of seven percent or more of company revenues. Forty-four percent of respondents from the construction, engineering and infrastructure sector believe their companies are highly or somewhat vulnerable to information theft, loss, or attack. Yet, only sixty-one percent have a plan for securing intellectual property.
No matter how many news stories about hacks, information theft and cyber espionage surface within the Facebook or Twitter feed, the idea that it could happen to any organization sometimes remains just that. Many companies do not devote the proper resources to effectively safeguarding their networks, even though the global cost of cybercrime will reach $2 trillion by 2019, up three times the amount in 2015.
Don’t wait for cybercrime to strike — remember that the best defense is always a good offense. Maintaining a successful security strategy requires dedication and delivering on a strategy that supports all functions of an organization. Security is a company-wide issue, and quantifiable metrics not only unify language but also demonstrate success.
The IT team can’t catch what it doesn’t see. Maintaining a comprehensive view of the entire organization means more than just access to networks and systems. It requires an understanding of typical user behaviors and data traffic patterns, plus an awareness of corporate protocols as they relate to remote users and servers.
Proper visibility throughout an organization necessitates laser focus on:
• BYOD (Bring Your Own Devices) protocol and management. Most organizations have policies around personal devices brought from home. These may or may not be followed, so a closer eye on device usage throughout the organization is warranted.
• Email traffic. In the third quarter of 2016 alone, eighteen million new malware samples were captured. Viruses via email remain a top concern for security teams.
• Social and Internet traffic. It’s likely that most employees in an organization use social media, perhaps even to promote the business. Prevent them from becoming an avenue into committing fraud or damaging the brand.
• Unusual user behaviors. Understanding an organization’s user behaviors is key to spotting abnormal patterns. Communicate clear policies and expectations for employees and enforce compliance to avoid accidental missteps and catch genuine incidents.
• Cloud applications and virtual servers. Internet-based applications create functional and productivity tools for an organization, but they put data at risk. Careful monitoring and protective firewall construction prevent easy access for hackers.
Create a security plan with goals that are understood and supported by the whole company. Measurement offers a clear and concise method of presenting critical information, so it’s important to measure the right statistics. Communicate on stats and data aligned with business objectives to gain the support of employees and create a common language that everyone can understand. Focus on answering the following questions:
• How is the company doing compared to its peers? In today’s business environment, understanding how successfully the organization prevents data loss or theft compared to other companies in the industry provides a clear perspective on how effectively the strategy is working.
• How quickly can the company respond to a breach? A response plan to a potential security incident is a critical factor in recovering from a cybercrime. Remember, it’s not IF a company is breached, it’s when.
• Recognition of an incident, isolation of a breach and recovery convey the crucial steps to preventing widespread loss of private data. Two effective security metrics are “dwell time” and “lateral movement.” Dwell time answers the question, “how long did it take to find and contain a breach?” Lateral movement describes how a company was or was not able to prevent the cyber adversary’s movement throughout the network.
• Is the company getting better? Cybersecurity is never “done.” Regular audits of security processes and breach protocols provide opportunity to improve and excel. Make sure management is cognizant of the evolving journey.
• Is it spending enough (or too much) money? Aligning security technology and human resources with return on investment can be tricky, but budget allocations are a realistic pain point for many security departments and must be addressed.
Creating and maintaining a thorough view of an organization’s user, network and system traffic allows a security team to design a blueprint to a comprehensive security strategy. Communicating that plan and measuring its success requires the right metrics to align IT with business and prevent widespread damage from information thieves.
Be a cybersecurity rock star. Just like any musician, there will be big hits and flops. But when a company can see where it’s going, with the right visibility into systems, the company will be TCB – takin’ care of business.
Takin’ Care of Business: A Security To-Do List to Fend off Cybercrime. Eric Cole. Reprinted from ConstructionExec.com, Feb. 20, 2018, a publication of Associated Builders and Contractors. Copyright 2018. All rights reserved. Construction Sector Experiences Heightened Vulnerability to Fraud and Cyber Risks. Joanna Masterson. Excerpted from ConstructionExec.com, March 22, 2018, a publication of Associated Builders and Contractors. Copyright 2018. All rights reserved.
1. Global Fraud & Risk Report. 10th Annual Edition. 2017/2018. Retrieved from: https://www.kroll.com/en-us/global-fraud-and-risk-report-2018
2. Morgan, Steve. Cyber Crime Costs Projected to Reach $2 Trillion by 2019. Forbes Magazine. Retrieved from: https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#2d0557193a91