Infinite Group Inc.

Posts Tagged cybersecurity

Empowerment of a CISO

When the title of Chief Information Security Officer (CISO) first came into existence more than a decade ago, the roles and responsibilities of the position barely resembled their current reality. The majority of CISOs reported to the Chief Information Officer (CIO), and were mostly focused on technology applications. They operated in silos and had a basic understanding of how to link security to the needs of the organization.

Since then, roles and responsibilities have evolved considerably. Instead of managing technology, today’s CISOs are responsible for a much broader and deeper set of interrelated tasks involving not only risk but governance. More often than not, they are reporting to the CFO or risk officer, rather than to the CIO. CISOs engage directly with the board of directors and are also public facing. They now have their own budgets and are charged not only with breach defense but also with the protection and enhancement of the value of the company and its brand.

With mounting threats, it is apparent that effective cyber-security demands a concentration on much more than technology. IT no longer can be expected to remediate cyber-threats. The demands of the CISO position require in-depth knowledge of the company’s challenges and strong relationships with key stakeholders, as well as technical prowess.

The whole executive team, including the board of directors, must now assume a new management and governance role where technology, business and risk now meet – and they must be equipped to own such risks. The CISO must provide the support necessary to fulfill this new mandate, while bridging the gap between operations and IT to keep critical business systems, assets and other data secure and operational.

To be successful in this role, CISOs must have a deep knowledge not only of IT, but of the entire enterprise. Further, the CISO must forge strong relationships with the company’s customers, top management and external suppliers. Also, they must be granted greater authority with direct reporting lines to the C-suite, as well as regular interaction with the board as it steps up its oversight and involvement in the defense against cyber-attacks.

Christopher Karr, CISSP is a Director of CyberSecurity at IGI


Containment is Key After a Cyber Breach

I came across this interesting article in GCN which speaks to cyber breaches and the ability to contain the breach. As this author indicates, a major provider of firewalls announced a critical vulnerability with its appliance. It points to continued vigilance around vulnerability management and the need to have a process in place to manage these effectively.

This also highlights that root cause at the OEM level must be taken into account when managing your security platform. While this can be remediated through available patches, it demonstrates that just because the OEM is responsible for addressing problems in their products, they aren’t always quick to identify them. Ultimately, this could lead to complete compromise, which may open a Pandora’s box in authentication control.

The underlying point here is that many organizations may have varied plans in place to ensure they are maintaining security. We could debate whether appropriate measures are being used; however, what is becoming clear is that strategies for mitigating loss in a post-breach scenario are not being actively discussed.

Management must look at breaches not as a possibility but a likelihood. As such, mitigation plans must be developed to contain your exposure, remediate, and begin to get back on-line and in business. Just as hackers get creative in breaching security systems, we as protectors must get creative in design, management and mitigation.

Andrew Hoyen is a Chief Administrative Officer at IGI which is a firm specializing in products and solutions for cybersecurity and vulnerability management.


Assessing Cybersecurity is a Necessity for Small Businesses

The threat of hackers and cyber-criminals is very real, not only for large companies but also for small businesses. That means that business owners must accept that a strong cyber-defense system is a must in the modern business world. It is worth noting that, while an internal plan may work, external resources, particularly those of experts in the field, can greatly improve your security measures.

There is an interesting article in Forbes magazine that speaks to this from the small business point of view – How Small Businesses Can Improve Their Cybersecurity.

This quote says it all. Small businesses are just as vulnerable, if not more so, than businesses with large IT budgets. There are cost effective ways for SMBs to pay attention to their Network Security at reasonable prices. A well thought out and well-rounded comprehensive Cybersecurity posture no longer has to be viewed as something only the “big guys do”. Rather, it is an essential aspect in doing business, especially in cyberspace.

– James Villa, President and CEO of IGI


Assessing Medical Device Security Needs to be a Priority

The U.S. Food and Drug Administration (FDA) recently announced some proposed guidelines for managing cybersecurity in medical devices. This is certainly interesting, particularly as it relates to the Internet of Things (IoT). This is highlighted in an article in TechNewsWorld – FDA Guidelines Target IoT Medical Device Security.

However, as we all know and as the article states, the operating systems and the applications that run on top of these devices are fraught with security issues. Identifying vulnerabilities is one thing; getting the OEMs to address the issues by providing timely patches and re-configuration recommendations is another matter altogether.

We certainly need more than guidelines for medical product security. There need to be laws passed to enforce vigilant assessments and remediation for security flaws in these products. We must not forget that there are living, breathing patients hooked up to these lifesaving medical devices. A hacker exploiting a flaw that causes a device to fail could potentially kill the patient. This would change the hacker’s status to now be a murderer.

Christopher Karr, CISSP is a Director of CyberSecurity at IGI


SIZE DOESN’T MATTER WHEN IT COMES TO SECURITY

Security risks are not just a matter for large companies. Smaller companies can be easier targets as they do not have the resources or expertise in place to provide complete security. Are you an SMB that doesn’t think this could happen or thinks about security but doesn’t know where to take the first steps? Or for that matter, know what would be helpful for my business to stay protected and proactive?

You’re not alone. There are thousands of companies out there struggling with these same questions. This certainly resonates in an article from Constance Gustke of The New York Times – No Business Too Small to Be Hacked. In this article, you see that your peer companies are in the same proverbial boat. Don’t neglect security but find ways to make your life easier now so you don’t have to deal with a myriad number of issues later. Another important aspect is ensuring employees are properly educated on security procedures. This will provide a grassroots level vigilance for protection.

How do you put security measures in place especially when you don’t have the expertise to do so and feel that every time you ask someone in IT, they give a complicated and very expensive answer?  Are there “plug and play” solutions out there that you can rely on that won’t break the budget?  These are all important considerations.  From that, you will need to be proactive in setting up your baseline and find the tools that help make security easy.  It is essential to develop a proactive security plan for your company and then implement it.  This will involve monitoring of your network to ensure any vulnerabilities are assessed and corrected.

Andrew Hoyen is a Chief Administrative Officer at IGI which is a firm specializing in products and solutions for cybersecurity and vulnerability management.


CNBC on Cybersecurity Threats

Great article written by Harriet Taylor from CNBC on Cybersecurity Threats.
We need to change cybersecurity mindsets in today’s world. This is essential not only to understand, but to handle the increasing volume of cyber issues. It’s not just firms that must understand this issue; it’s individuals as well.