Mastering Cyber Security: Key Takeaways
DigitalTrust Professionals
A community for business professionals focused on enabling safe, secure, "trusted" digital business.
Welcome to the second full issue of Cyber Careers Insider. We really value your feedback on this edition. Please take a moment to share your thoughts and comments on this month's content selection. Your input is highly appreciated and helps us improve our offerings.
Contents
This month's articles of interest
In a society reliant on technology, a company's cyber risk governance directly affects its stock price and overall shareholder value. The new SEC cybersecurity rules establish transparency and serve as a strong foundation. However, assessing the long-term effectiveness of a cyber risk management strategy can be challenging. This article highlights four vital areas investors should consider when evaluating that long-term efficacy.
Repeat attacks are common. According to a global study by Cymulate, around 67% of attacked companies are targeted again within a year, and around 10% face 10 or more incidents in a single year. For ransomware specifically, an international survey by Cybereason found that 80% of affected companies suffer repeated ransomware attacks. This raises the question: why are repeat attacks so widespread, and what should companies do to prevent them?
According to a study conducted by security company BlackFog in June 2023, more than half of small and medium-sized businesses in the U.S. and U.K. experienced successful cyberattacks in the last year. Additionally, 39% of these businesses lost customer data due to cyberattacks.
No one wants to experience a security breach, but the statistics show it can happen to anyone, and the consequences go beyond financial loss. Telling customers you cannot meet commitments because of system downtime can severely damage your reputation and your repeat business. A disaster recovery plan that keeps operations running, restores data quickly, and limits further damage is therefore essential.
With generative AI tools like ChatGPT, Bard, Claude, Midjourney, and others gaining popularity, CEOs are wondering: Is this technology just hype or a game-changing opportunity? And if it's the latter, what value does it hold for my business? Generative AI is advancing rapidly, and CEOs are still grappling with its business value and risks. Check out this McKinsey post for key essentials on generative AI.
Top Tip of the Month
Deloitte recently published an insightful piece for financial-sector firms affected by DORA, which must be implemented by early 2025.
The Digital Operational Resilience Act (DORA) is the first European legislation to address digital operational resilience in financial services, and it is the EU's key regulatory initiative on operational resilience and cybersecurity in the sector.
Applying to most financial services firms operating in the EU, DORA requires firms to take a wider business view of resilience and establishes clear accountability at senior management level. The Act sets binding rules for Information and Communication Technology (ICT) risk management, incident reporting, resilience testing, and third-party risk management.
It also introduces the world's first supervisory framework for critical ICT third-party providers (CTPPs), including cloud service providers (CSPs). Now that a final agreement on DORA has been reached and published, firms have a basis on which to prepare for its implementation; the text was expected to be finalised at the European Parliament's October plenary session.
In anticipation, firms should conduct a gap analysis and develop a roadmap for designing and implementing an improved operational resilience framework that meets DORA's requirements by Q4 2024. They should also consider how DORA can be a catalyst for managing digital risk and for understanding the impact of operational disruptions on their business and customers.
You can read more about this in Deloitte's guide here:
Recommended Courses
If your organisation is affected by DORA, this self-paced eLearning course covers a risk management framework aligned with ISO 31000:
This programme teaches you how to implement the NIST Cybersecurity Framework across its functions: Govern, Identify, Protect, Detect, Respond, and Recover:
You can purchase individual self-paced NIST Cybersecurity Professional (NCSP) eLearning courses here:
CEO at Secure Managed Instructional Systems (SEMAIS), an SDVOSB | Official Member @ Forbes Tech Council | Author of "The Cybersecurity Mindset" | Keynote Speaker | Cybersecurity Advisory Board Member @ EC-Council
1 year ago
It's great to have joined this newsletter. Here is more of myself. I am a published author of "The Cybersecurity Mindset". I also speak on various cybersecurity topics and write for Forbes. The links below are where you can find my work and connect with my newsletter on LinkedIn. Please follow me as well.
Website: www.dewaynehart.com
Newsletter: https://www.dhirubhai.net/newsletters/6969225591791239168/
Forbes: https://councils.forbes.com/profile/Dewayne-Hart-President-SEMAIS/94008863-848d-4ef8-bd96-5b7f7e6b1aa9