Chief Information Security Officer

Information Security Leader Guides Cybercrime Discussion

Gary Berman, CEO of Cyberman Security and creator of “The CyberHero Adventures: Defenders of the Digital Universe,” examined cybercrime and the steps that organizations can take to stop cyber threats before they escalate during a roundtable discussion at the 2018 Chief Information Security Officer (CISO) Leadership Forum in New York on November 8. During the roundtable discussion, “A View from the C-Suite: An Insider Threat Case Study,” Berman discussed the immediate and long-term ramifications of cyberattacks and provided tips to help organizations minimize the impact of these attacks.

Organizations are frequently on the lookout for ways to address cyberattacks. But there is no surefire solution to alleviate all cyber risks, at all times.

Cybercrime is a global issue that affects businesses and consumers alike. Although business leaders often explore ways to address malware, ransomware, data breaches and other cybercriminal activities, these leaders sometimes ignore the cybersecurity successes of different organizations.

“The only time you hear about hacks is when the bad people win,” Berman stated. “You never hear about all of the unsung heroes who toil in anonymity to keep us safe at work, school and home.”

Meanwhile, cybercrime is evolving. A single cyberattack may be exceedingly difficult for an organization to detect – even if this organization uses state-of-the-art security solutions. At the same time, a cyberattack may linger for months or years and cause thousands or millions of dollars in organizational revenue losses, along with substantial brand reputation damage and other long-lasting problems.

Cybercriminals today are launching advanced attacks against organizations of all sizes and across all industries. Furthermore, cyberattacks are growing in severity and frequency. If organizations fail to analyze cyberattacks properly, the consequences may be dire.

“There are all kinds of motivations as to why people hack,” Berman said. “The number one [reason] is probably money, but some people [hack] because they are smarter than you or because they believe they are smarter than you.”

Now, organizations are responsible for taking a comprehensive approach to cybersecurity. In some instances, organizations allocate significant time and resources to build cybersecurity strategies and implement assorted cybersecurity tools and technologies. However, despite these efforts, organizations sometimes struggle to achieve their desired results.

Keeping track of the cybersecurity landscape can have far-reaching effects on an organization and its key stakeholders. If an organization understands advanced persistent threats (APTs), it can determine which steps to take to prevent these threats from wreaking havoc on its day-to-day operations.

Also, organizations can build long-term partnerships with white hat hackers. They can leverage bug bounty programs and offer financial initiatives to connect with white hat hackers and work with these hackers to quickly and effectively address cybercriminal activities.

“You need to convince the bad people to become good,” Berman indicated.

Full authentication may play a key role in helping an organization safeguard its sensitive information and resources as well.

Authentication tools and technologies are available to help organizations ensure that only authorized users can access sensitive information and resources. If an organization evaluates the authentication tools and technologies at its disposal, it can make an informed authentication solution investment.

Additionally, organizations must assess the security functions associated with Bluetooth technology, Internet of Things (IoT) devices and other everyday processes and systems. By performing a full security assessment, an organization can establish priorities. It then can take steps to consistently secure all of its processes and systems against cyberattacks.

“Bluetooth is not secure,” Berman pointed out. “[Bluetooth] devices don’t do full authentication. And as a layperson, if I know that, it’s at least a yellow flag.”

Organizations must understand the immediate and long-lasting effects of cybercrime, too. If an organization performs a full analysis of a potential cyberattack, it can find out how this incident may affect its employees, customers, brand reputation and revenue. Then, an organization can brainstorm solutions to reduce or eliminate security gaps in its everyday processes and systems.

“There are physical effects on systems and reputational effects on companies [associated with cyberattacks],” Berman noted. “And there are psychological effects.”

Going forward, organizations must be persistent about cybersecurity. If an organization is proactive in its efforts to identify and resolve cyberattacks, it could find ways to stop such incidents before they get out of hand.

Organizations also must be willing to adapt their cybersecurity methodologies and strategies to APTs and other evolving cyberattacks. If an organization knows how cybercriminals operate, it can take the necessary steps to safeguard its sensitive data against myriad cyber threats. Most important, this organization can limit the risk of a costly, time-intensive data breach and ensure its sensitive information is protected against a broad range of cyber risks.

Visit Argyle Executive Forum's 2019 CISO Leadership Forum: Security 3.0 – Shifting to Automation in New York, NY on Nov 13, 2019
