Critical Analysis.

profileJohn_matt
case_study_2.docx

Introduction

Once a company adhere to conduct business in the Cyberspace, securing its assets is just as important as within the physical world. Thus the term Cybersecurity must be understood and implemented. The NICCS defines the term Cybersecurity as the ability to protect information contained in Cyberspace from being damaged, unauthorized accessed, used and or modified (Niccs, 2016). In other words, only authorized individual should be able to access, manipulate and use company’s information contained in Cyberspace. UMUC defines Cybersecurity as information technology security, which aims to protect computers, network, program and data from unintended or unauthorized access, change and or destruction (UMUC, 2016). Then again, by moving into Cyberspace, companies must plan and invest in Cybersecurity to make certain that its information system will only be accessible, manipulated and used by authorized personal. As a consequence unwanted access will be prevented. Cyberspace is becoming the ruler of a global digitalized realm. Dada needs to be protected, intellectual property needs to kept secret, banks financial information needs to be safeguarded, and above all, the reputation of the company is the paramount of business survival. So it is imperative that company’s leaders invest in Cybersecurity in order to have a tougher approach to Cybersecurity their Cyberspace.

Business Need for Investing in Cybersecurity

More often than not CIO’s feel like a lone wolf. It is a fact that it is hard to have people that can help them implement a Cybersecurity program on their side. These people are the executives, they usually act on the reactive mode. Such as, they work under the assumption that an attack won’t happen to their company, or they just wait till it happen to deal with it. Nevertheless, often the headlines we seeing in the news describing another Cyberattack, such as the Sony Picture Entertainment, Target, or even the Federal Government Office of Personal Management (OPM). Yet, the posed question is could it be avoided? What if that happen to my company? The oblivion of the executives about a Cyberattack to their company and what they see as a more important issues, allow them to keep pushing the Cybersecurity of their company under the rug, until an attack happen and then is panic mode all over, and all of the effort will be applied to control the damage. The damage may be, customer data may have being stolen, intellectual property and financial information may be disclosure, companies have an legal obligation to make it public and there it is, the company’s reputation is finished, and may not be the same ever again. So why executives are being oblivion for these facts? A survey conducted by PWC reveals the losses that has eventuate within company’s victims of a Cyberattacks in US (Loveland, G., & Lobel, M, 2012).

The Impact of Cyberattack in Business in US

Financial losses

37.5%

Intellectual property theft

31.8%

Brand reputation compromised

31.2%

Fraud

15.8%

Legal exposure lawsuit

12.2%

Loss of shareholder value

11.3%

Extortion

7.1%

Nevertheless, the survey has shown that executives lacks to understand or accept Cybersecurity as vital for the survival of their company, and they continue labeling Cybersecurity as a technical subject. When asked the confidence of effectives on the company ability on Cybersecurity 72% of executives answer was very or to some extend confident. However, when asked to detailed the approach of their companies to Cybersecurity, the implementation and proactively, the answer is somewhat disappointing. 43% of executive’s responders was confident of their effectiveness approach of information security. 27% of those that classify themselves as strategist (CIOs) relay on executive. 15% said they better of getting things done other than describing. At last, the gravity fighters, 22% acknowledge nonexistent strategy and to be reactive to a Cyberattack. To be fair, 13% of responder are walk the walk by having Cybersecurity strategy with leading practice (Loveland, G., & Lobel, M, 2012). Numbers don’t lie, facts are facts, and it is fair to conclude that the predominant barrier to Cybersecurity companies Cyberspace are senior executive. These are educated folks, and they must take a second look at the number and fact and predictions made by experts. In addition to listen to their CIO.

People, Processes and Technology

It is nearly impossible to have a Cybersecurity system 100% hacking proof. Gartner points out preventive controls like, firewalls, antivirus, vulnerability management, won’t be the solution. Instead, there should be a balance of investment in detection, response capabilities and acknowledgment (Conn, S, 2015, February 24). Additionally, as mentioned executives need to partner with CIOs in order to any system security to be successful, for the fact that people will be resistant to changes. By knowing that the implementation has the approval and support of senior’s executive, people will be less resistance and more compliance. Hackers are just as savvy as the ones that has the task to implement a system security. The National Cybersecurity awareness Month of 2015 stated that Businesses can invest millions of dollars in top-of-the-line security software, but without proper employee training, the expected results are debatable to fail, in addition, if employees are not informed on Cybersecurity best practices, they could be adding unnecessary risk (NCI, 2015, October 13). Training employ is one in many steps to Cybersecurity a Cyberspace. It is an endless process, and this process must be continued. To illustrate, the network must be tested continuously, and if need calibration must be done, all types of backups (full backups, differential and incremental) of all data… Finally technology, which is the cornerstone of a system security. Without technology it is impossible to Cybersecurity a Cyberspace. Technology such as endpoint protection (EPP) antivirus, Application Life Cycle Management (ALM), Identity Privilege Management (IPM), Security Information and Event Management (SIEM) these are all technology that when properly implemented make a system information security difficult to penetrate. Executives, CIOs, people, process and technology must be intertwined. The derail of anyone of these items and others on the list, will debilitate to Cybersecurity a Cyberspace as initially intent. On a final note investing in Cybersecurity should not be a subject of whether or not an investment is needed. Rather, is a matter of companies projecting responsibility and commitment to protect, detect, react, document and prevent a hacking on its Cyberspace. Thus maintaining its reputation.

 

 

 

References

Conn, S. (2015, February 24). Gartner Says By 2018, 40 Percent of Large Enterprises Will Have Formal Plans to Address Aggressive Cybersecurity Business Disruption Attacks. Retrieved March 16, 2016, from http://www.gartner.com/newsroom/id/2990717

Loveland, G., & Lobel, M. (2012). Cybersecurity: The new business priority. Retrieved March 16, 2016, from http://www.pwc.com/us/en/view/issue-15/cybersecurity-business-priority.html

Niccs. (2016). Cybersecurity 101. Retrieved March 16, 2016, from https://niccs.us-cert.gov/awareness/cybersecurity-101

NCI. (2015, October 13). People, Process and Technology: National Cybersecurity Awareness Month’s 1st Podcast. Retrieved March 17, 2016, from http://www.nationalcybersecurityinstitute.org/editorials/people-process-and-technology-national-cybersecurity-awareness-months-1st-podcast/

UMUC. (2016). Cyber Security Primer. Retrieved March 16, 2016, from http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm