In early May, the FTC’s Chief Administrative Law Judge held that in an enforcement action the FTC must disclose “what data security standards, if any” it has published and intends to rely upon to demonstrate that a company’s data security practices are not reasonable and appropriate.
Would there be a greater return on investment if our information sharing focused less on enabling private sector victims to better duck and cover, and focused more on enabling the government to get the bad guys?
May 1, 2014
Regardless of how vigorously the industry applies risk management principles and how diligently the government shares information, there is no chance the private sector can consistently withstand intrusion attempts from foreign military units and intelligence services or even, for that matter, from transnational organized crime.
Corporate executives can develop enough expertise to comfortably navigate key cybersecurity risk management concepts.
April 1, 2014
The National Institute of Standards and Technology’s cybersecurity framework is now available, so how can CSOs and CISOs use it to better frame their cyber efforts and prove their case to the C-Suite?
For well over a decade, CEOs have been relegating the operational, legal, reputational and competitive risks associated with cybersecurity to those responsible for Information Technology.
Cybersecurity is the unsung linchpin of every company that has grown increasingly dependent upon vulnerable technologies, whether to communicate, to store sensitive data, or to manufacture and deliver its products and services.
Governments and corporations are facing considerable risk to their data, their underlying networks and the reliability of their products because of a confluence of three factors.
To best protect your company against internal abuse, it is helpful to understand the nature of the threat and to consider applying risk-based approaches to address the problem.
Let’s start with the good news. Malicious insider activity is relatively rare. Unfortunately, even though outsiders account for 85 percent of cybersecurity incidents, the damage often is substantially greater when an insider strikes.
In last month’s column, we explored the Top Five Reasons to Report Computer Intrusions to Law Enforcement. This month’s column will provide you with a sense of what your company, as a victim of a computer intrusion, should expect when working with the Feds.
Even when not legally required, reporting cyber crime to law enforcement can act as a deterrent for other malicious actors contemplating future attacks.
Judging by today’s headlines, it is only a matter of time until every company – yours included – is going to experience a computer intrusion, or perhaps another computer intrusion. When that happens, you may find yourself working with law enforcement. Sometimes, they will be the ones calling you.
When it comes to changing the cyber security landscape for the better, there are a number of people, companies, agencies and associations driving both the policy debate and the solution set.