The cybersecurity headlines have gotten bigger, bolder, and more prevalent as 2014 draws to a close. Not surprisingly, these costly cyber incidents have prompted much discussion about how to prevent, detect, and prepare for cyber attacks, including my recent article in InformationWeek’s Wall Street & Technology: 5 Tips On How To Prepare For A Data Breach.
Some of the tips fall into the bucket of “good cyber hygiene.” A recent article titled “Is the Sony hack corporate America’s cybersecurity wakeup call?” defines good cyber hygiene as “basic steps — equivalent to brushing your teeth, flossing, and visiting the dentist twice a year.” These basic steps of good cyber hygiene focus on prevention, and they’re important measures to take. But many of the tips I outline in my article on how to prepare for a data breach are predicated on the assumption that despite the strongest security team and the best defenses, your enterprise could be breached. So the question becomes: how to prepare?
Venture capitalist Ted Schlein recently riffed on former FBI Director Robert Mueller’s quote about cybersecurity. Schlein’s twist: “Most people are starting to realize that there are only two different types of companies in the world: those that have been breached and know it, and those that have been breached and don’t know it.” The bottom line: good cyber hygiene is not enough. Strong defenses are not enough. It’s important to create an incident response plan in advance, and to test-drive your plan before you discover you’ve been breached. That takes us right back to my article, which was also published on InformationWeek’s Insurance & Technology site.
Let me know what you think.