The global cybersecurity market reached $75 billion in 2015 and is expected to hit $170 billion in 2020, according to Forbes.
Cybersecurity risk is ever-changing and pervasive. Given that it is a difficult and intimidating topic for most organizational boards to consider, it is essential today that members of organizational boards, along with their executives and managers, have a comprehensive and basic understanding of cybersecurity and a risk management program that includes more than just an information technology component.
Recall when Institutional Shareholder Services, which provides counsel to investors, recommended that most of the Target board of directors be replaced following the 2014 report of the Target data breach, explaining that the company, along with its board, was inadequately prepared for the risks of doing business in today’s electronic commerce environment.
Other organizations with cybersecurity incidents are DSW, Dave & Buster’s, Lifelock, Accretive Health, FBI and Homeland Security, Seagate, IRS, FDIC, Anthem, and Advocate Health Care, and the list goes on. The total cost of a cybersecurity breach can range from $1.5 million to $36.5 million when all costs from several business areas are included.
Who has the ultimate responsibility?
Laws, such as the recent one in the state of New York, DFS-39-16-00008-A, effective March 1, 2017, for all organizations in banking, insurance, and financial services regulated by the State of New York Department of Financial Services, hold the board of directors ultimately responsible for adherence to all the terms of this new law. In addition, there are other regulations that detail what tasks in a cybersecurity risk management plan are to be completed and how.
Therefore, education of the board of directors and executives is needed. They do not have to become experts but should have a high-level understanding of cybersecurity risk management. This management program includes processes, trainings, reports, and tasks outside of the IT department managed by the CIO that need to be occurring. This also includes an organization-wide cybersecurity incident response plan.
This session presents a high-level description and suggested components of this risk management function. While IT security is a critical role, it is not all that needs to be done. The SPOTT® Gap Analysis will be explained as a pragmatic tool to identify all tasks in all areas. A challenge in developing, managing, and executing an organization's cybersecurity risk management plan is that support and agreement are required from leaders from different professions who have been taught different logical processes. The identified board members, executives, managers, project managers, and others in leadership roles need to be able to communicate with and influence them in order to gain the needed support and agreement.
Ms. Becker has 30+ years of experience developing high-performing teams in business and all areas of technology in many different organizations, for project/change work and delivery of ongoing services: the judiciary, financial services, manufacturing, membership-based, consulting, healthcare, government (city, county, state, federal), and education. While she was managing a global data center, it lost electricity after being hit by lightning and was back up in 54 minutes through executing the disaster recovery plan. Her expertise includes understanding stakeholders, a key competency of Emotional Intelligence, in order to influence them. She has an MBA from the University of Chicago and a BS in Mathematics and Sociology from the University of Wisconsin.
Evolve is a cyber security bootcamp that provides students with hands-on training from highly experienced industry professionals. Evolve partners with not-for-profits, performing security assessment work throughout the curriculum, giving each student the real project work experience and concrete practical skills that are needed to land or advance a career. Evolve’s primary focus is on creating top-tier cyber security talent and placing them into high-paying jobs through professional staffing and direct hire services.
Founded in 1991, onShore Security is one of only a handful of managed cybersecurity providers, nationwide, that provide 24/7 real-time monitoring, correlation, and analysis of organization-wide network data. We collect data from any system, IDS on your site, cloud-placed sensors, netflow collectors, firewalls, network devices including encrypted payloads, and correlate that with logs from your systems to achieve an end-to-end security view. We specialize in banks, handling some fairly large regional institutions.
TEKsystems is a $3.8 billion IT services company, known for excellence in the industry. We provide the best talent in the country by hand picking the best and brightest and placing them at our client sites. We have deployed over 2,000 Information Security consultants in the past two years. We currently have over 500 active CISSP certified consultants and 400 recruiters certified to identify top talent. We also stay informed on market trends by partnering with companies such as SailPoint, Curion, RSA, Oracle and many more.