Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
APRIL 2017CIOAPPLICATIONS.COM8TIM CALLAHAN, SVP, GLOBAL CHIEF SECURITY OFFICER, AFLACTHREE CYBERSECURITY BEST PRACTICESIN 2017I love the start of a new year. It is an opportunity to reflect on the successes, failures and lessons learned from the previous year and resolve to set a fresh course. We can build on our successes and go about to the business of learning from, as to avoid repeating, our efforts that may not have been successful. For CISOs, that means reflecting on what the new year could bring. Thinking through the threat environment, renewing (or, for some, creating) our enterprise risk assessment and laying plans for the year. For 2017, there are three important areas of focus for CISOs to keep in the forefront of their minds.RansomwareAccording to Mandiant/FireEye, ransomware events increased by 35 percent from August 2015 to May 2016.1. In 2016,such attacks locked up hospitals' valuable patient file systems. Not only that, but consider the impact it had onthe San Francisco transit service, where passengers were unable to pay due to another ransomware attack. It used to be a mere nuisance, affecting individual PCs and mostly consumers. Today, it is a true enterprise threat with the potential to affect the entire file system. It probably has the highest potential for direct and indirect economic impact to a company than any other malware.The direct impact can be seen in the loss of valuable information in the corporate file system as well as the potential costs of the ransom itself. Even if you pay the ransom, there is no guarantee you will actually get a working code to unlock your files ­ if you get one at all. Most ransom demands have been relatively modest in cost when compared to the loss potential. However, as attackers prove more effective in locking a company's files, it only makes sense that the cost to get your files back will increase.However, there are also indirect, intangible impacts of data recovery that are sometimes more damaging. For example, what is the cost in loss of productivity with the impact to end users? Not to mention other costs; including labor to deal with users reporting suspect e-mails and other attacks and while hard to measure the cost of users not opening legitimate email messages for fear of it being spam. Also, what should be of great concern to any CISO as a genuine business partner is the impact that such events could have on your company's reputation. Will consumers want to do business with companies that appear vulnerable to external attacks?Organizations should look at their information replication and recovery protocol. Historically, we have Tim CallahanIN MYOPINION
< Page 7 | Page 9 >