Blog Layout
Cybersecurity and Your Organization – An Uncomfortable Reality
Chelsea Sauder • August 6, 2019
In the event of a Cybersecurity Incident, who would your organization feel was the most responsible? Are you sure?
In 2017, the venerable British defense and security company BAE Systems surveyed a globally diverse group of more than 1,200 C-Suite executives and IT Decision Makers (ITDMs). Their survey focused on the key areas of attitudes toward cyber risk, understand the cyber adversaries, and how the organization’s resources affect cyber defense. The opinions of the C-Suite and ITDM personnel were pretty far apart on the three topics. The only thing they could agree on was this gem: Both groups believe the other is responsible in the event of a breach.
This is not an entirely unexpected outcome as the priorities and perspectives of executives and ITDMs are quite different, and necessarily so. C-Suites tend to focus on the loss of sensitive information and customer private data; the IT personnel were concerned with the theft of intellectual property, fraud, and general disruption. Further, the executives assessed the average cost of incident response to be $11.6 million (over 40% said such an incident would cost the business less than $1.5 million) while the propeller heads in IT put it much higher, at $19.2 million.
Clearly, that chasm needs to be bridged. We can do better. We must.
Since 2017 when that report was published, the incidence of cyber-attacks has only increased and data breaches seem to make a regular appearance in the news. Later that year, in September 2017, the Equifax data breach affected over 140 million people. We’ve since learned that the attack vector was due to a software bug for which a patch was publicly available for approximately two months before Equifax was breached – but Equifax did not install it. That’s a technical failure. But Equifax also had technology that could have provided a compensating control by intelligently blocking network requests targeted at this vulnerability, effectively mitigating the risk before the underlying software was patched. The problem was that while this control was purchased, it hadn’t yet been deployed to protect the company’s vulnerable applications. That’s a process and management failure. The business damage to Equifax was severe. The company reportedly incurred over $240 million in the year after the breach – while their cybersecurity insurance coverage was roughly half that amount. That’s a storm a $3bn+ company can endure – can yours?
Fast forward to present day. March 22, 2019 – Capital One suffers a breach affecting the personal information of over 100 million customers and applicants. While we don’t yet know the cost to the business of this incident, there is no doubt it will be significant.
From these examples, and other incidents, we can infer a few salient things:
1. A cybersecurity incident is very expensive
2. Cybersecurity incidents aren’t going away
3. Consequences of such an event, both financial and in terms of customer goodwill to the affected organization, can and do persist long after the attack itself is over
We believe that an effective cybersecurity program needs to include some key recommended practices to foster a deeper interlock between ITDMs and executives, ultimately developing a robust, best of breed cybersecurity posture.
Are there opportunities to improve your cybersecurity program? Not sure where to start? Enter your information below and we’ll share a copy of our 5 Cybersecurity Recommended Practices at no cost to you!
Share this post with others:
When it comes to automating processes around your business, it can simultaneously seem like everything can be automated, and absolutely nothing can be automated. As with many other things, the real answer is somewhere in the middle but can be a bit challenging to put your finger on. These projects usually start when someone at the strategic level of the organization has decreed that “we are going to automate!” and either they personally go on the hunt for what to automate or they hand it off to someone on their team to go do the leg work and come back with “automation” (maybe in a nice box with a bow on it). Sound familiar?
Data is everywhere. You’ve got a lot to focus on and it can be hard to stay on top of what’s going on with your business. Report creation in Excel is often time-consuming and can quickly become a nightmare. Modernizing your reports and streamlining your process with PowerBI to get more reliable and consistent reporting across all of your systems can be a game changer for your business. Read on to learn about three key acceleration tactics that our team uses on every implementation that we facilitate.
83% of knowledge workers require technology to work together. Microsoft Teams is a cloud-based collaboration and communication tool that lets workers share the right information to the right people all through one integrated platform. According to a Forrester report, The Total Economic Impact of Microsoft Teams, there are a variety of ways using Teams saves organizations time and money. Read and download the infographic to share here .
How to Get Started with the Power Automate app for Teams You can get started with Power Automate app in just 3 quick steps: Click on the … in the left-hand corner of your teams browser Search for “Power Automate” Click on the Power Automate app icon and pin it to your left-hand Teams navigation panel
As mentioned, there are several options available for automating your business. One of our favorite low-code/no-code options is the Microsoft Power Platform. As a suite of 4 different tools, the Power Platform can automate routine tasks, customer support, data visualization, and more. A few highlights on the effectiveness of the Power Platform are:
It is no secret that 2020 and the coronavirus pandemic altered the reality of doing business. These changes are showing little signs of letting up and a lot of the adjustments made to respond to a remote workforce may very well become a permanent feature in daily business operations. As business decision makers (BDMs) and IT decision makers (ITDMs) head into a new year it is important to keep an eye out for technology solutions that can further support these operational changes while increasing efficiency. This post briefly highlights the top 3 digital solutions we have our eyes on for 2021 and our Microsoft-based clients.
In our latest video series, Patrick Boren, Principal Consultant at TexasPGB, introduces the newest addition to the Microsoft Project family, Microsoft Project Operations. In this video Patrick discusses: What challenges Project Operations aims to solve What is Project Operations and common use cases for the tool Who uses Project Operations Upcoming "Day in the Life" Sessions Watch the video or read the condensed transcript below.
Having a wealth of data at your fingertips is great, but what happens when your data is so vast that it takes you years to make a key discovery? A friend of mine told me a story recently about an experience he had. His first company conducted a VP meeting every quarter – everyone scrambling to put together their presentations and make their case based on the data from Excel spreadsheets. Departments and information tended to be segmented into silos. While much of the data could be shared across the company, rarely was it compiled in a way to show how one area of the business could affect another.
If you are looking to migrate your data to Microsoft 365 there are two common methods to funnel your data - SharePoint or Common Data Service (CDS). SharePoint solutions take advantage of lists and libraries. Data is housed, originated, and manipulated entirely within the SharePoint platform. CDS solutions use both standard and custom entities to collect and house data that is then integrated across the Microsoft 365 platform. Below we will review a few ways each method is different and what you should look for before making a final decision for your data migration plan.
When it comes to technology, do you have a one-size-fits-all vendor? In today’s world of cost cutting, we see more and more organizations that end up missing out on huge technology opportunities by assuming a single vendor can and will do it all. As a technology consulting firm, we’re frequently asked “aren’t you the same as my managed service provider (MSP)?” Fortunately, for those that ask, we’re able to shed light on how a Technology Consulting Firm varies from an MSP.
