Events like WannaCry, Equifax, and countless other breaches in recent months have awoken companies to the importance of managing cyber security risk. I delivered my opening keynote at IMPACT 2017 on the topic of operationalizing cyber security, that is, aligning the policies you have in place with the risk and procedures that are carried out across the enterprise to manage and report on that risk.
Many think that more technology is needed to protect their organizations. But if you look at recent events, technology is rarely the root cause of a cyber-related scandal. 81% of breaches leveraged weak or stolen passwords, and only 20% of employees will strengthen their passwords after training. The same is true for following through on patching, asset management, access rights, and other governance activities with risk-based task management, monitoring and reporting. The weak links in our corporations are now the people, policies, and procedures.
Fortunately, many attendees spoke about how they’ve been able to identify gaps between their policies and procedures, and consistently improve their cybersecurity measures.
Some users shared their experience in the aftermath of Equifax, which was a big concern for their Boards. One attendee explained how it was important to anticipate the concerns of Board members using LogicManager to gather existing data across many departments and to address those concerns, such as which personnel were impacted, who has access to critical company data, and what their authentication procedures are.