CyRM by David X Martin

Author:David X Martin [Martin, David X.]
Language: eng
Format: epub
ISBN: 9781000374759
Publisher: CRC Press
Published: 2021-02-13T12:41:53+00:00

The attackers demanded a mere $52,000 ransom payment, but when all was said and done, the full impact of the attack was projected to cost more than $17 million. Nearly $3 million alone was spent on contracts for emergency IT consultants and crisis management firms.

The Atlanta ransomware attack is a lesson in inadequate business continuity planning. The event revealed that the city’s IT was woefully unprepared for the attack. Just two months earlier, an audit had found 1,500 to 2,000 vulnerabilities in the city’s IT systems, which were compounded by “obsolete software and an IT culture driven by ad hoc or undocumented processes.”

That was an example of how bad CyRM℠ leads to bad business. Now let’s look at a positive example of the interconnectedness. Research shows that 40 percent to 60 percent of small businesses never reopen their doors after a disaster. In August 2017, Hurricane Harvey slammed into Southeast Texas, ravaging homes and businesses across the region. Over the course of four days, some areas received more than forty inches of rain. By the time the storm cleared, it had caused more than $125 billion in damage.

Gaille Media, a small internet marketing agency, refused to be another small company shut down by disaster. Despite being located on the second floor of an office building, Gaille’s offices were flooded when Lake Houston overflowed. The flooding was so severe that nobody could enter the building for three months. The company never returned to the building, but its operations were hardly affected. That’s because Gaille kept most of its data stored in the cloud, which allowed staff to work remotely through the storm and after. Even with the office destroyed, they never lost access to their critical documents and records. In fact, when it came time to decide where to relocate, the owner ultimately decided to keep the company decentralized, allowing workers to continue working remotely. Had the company kept all its data stored at the office, the business may never have recovered. The COVID-19 pandemic has demonstrated that the virtual world is already upon us and that the ultimate winners will be the companies that enable it.

When it comes to corporate crises, the only thing people remember is the outcome. A good outcome is the result of a well-developed, disciplined process that demonstrates collective wisdom and commitment to corrective results.

The specific needs of an effective CyberWellness℠ and security program include: careful planning, smart delegation, and a system for monitoring compliance—all of which the board of directors should oversee. Long term, the board needs to understand and consider the strategic business implications of cybersecurity, foster the right corporate culture regarding security, and encourage the integration of CyRM℠ practices into all governance and approval processes. Bottom line: a smart board of directors understands that cybersecurity is a management issue––not just as a technical one.

Having an effective business cybersecurity strategy is so important that the SEC will soon mandate it. Now working its way through the Senate, the Cybersecurity Disclosure Act is a simple bill that will have a far-reaching effect.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.