It’s the Thought That Counts

Previous entries here have focused on technical and process-driven security measures. These are the backbone of information security – but they often overlook the low-hanging fruit – the people. Not the IT team, but the office workers and the laborers on the shop floor. Because they don’t write computer code or have access to your company’s key data, they are often overlooked. But these are precisely the people who may pose the greatest danger. There is a reason why senior citizens are victims of internet scams more than […]

by Hank Berkley
Contributing editor


Enough is Enough

For years the information security community joked that new malware was being created by anti-virus vendors to sell organizations on the efficacy of their detection software*. In a field in which new threats appear daily it seems that the “bad guys” are not the only ones attempting to benefit. As fast as new threats appear, technology peddlers seem to arrive just as frequently with solutions to protect your organization from these new vulnerabilities. The question that you need to answer is whether you need to buy into each new safeguard. […]

by Hank Berkley
Contributing editor


Do You Feel Lucky?

We think of third-party security as being a risk we take when vendors or business partners are integrated with our systems and networks, but data sharing and other business practices also bring challenges. Perhaps the best-known case is Facebook sharing data with Cambridge Analytica. The latter is out of business, but Facebook itself is feeling the pain the same as if it was a data breach – perhaps even worse. There are two lessons we can learn from this case. The first is that no matter how smart you are, […]

by Hank Berkley
Contributing editor


Su Casa es Mi Casa

The concept of a fully integrated business ended with Henry Ford. It has been replaced by strategic outsourcing, coordinated partnerships and a focus on core strengths. While a key benefit of distributing responsibility is the distribution of problems, the responsibility for cyber security not only can’t be pushed out to others, your organization assumes all of the security aspects of every company with which you work. In security audits these “shared” responsibilities are referred to as third-party risk; a misnomer since the risk all sits with you. But unlike primary […]

by Hank Berkley
Contributing editor


(Don’t Ever) Tell Me the Odds

If you have ever gambled at a casino, you know it’s all about a game of chance and risk. Before placing a bet, the first thing you might consider is understanding your chances of winning. To do this, you might consider the actual probability of winning or losing, then the amount you will bet, and ultimately, the amount you can afford to lose. You might also consider not even placing a bet but finding another venue or game where there might be better odds […]

by Hank Berkley
Contributing editor


“The first thing you have to know is yourself”

“The first thing you have to know is yourself.” – Adam Smith, The Money Game. While Sun Tzu is credited with saying “know thyself, know thy enemy. A thousand battles, a thousand victories”, it was Adam Smith, oft referred to as “The Father of Economics,” who highlighted the most important virtue of ‘Knowing Yourself’ in his book “The Money Game.” In the case of cyber risks, it is no different, and at Partners in Performance, America (PIPA), we believe in the importance of ‘Knowing Yourself’ by identifying those risks within […]

by Hank Berkley
Contributing editor


Be Afraid. But Not Very Afraid.

Every aspect of business has risks associated with it. Whether it is credit risk or a threat of fire, organizations generally understand those risks and have some idea of how to measure them. They take steps to reduce the identified risks by implementing safety processes and financial controls. Cyber risks need to be treated in the same way as “traditional” perils. That means you may not be able to eliminate risk, but you can take actions to mitigate it. To minimize risk, you first have to recognize risk. Where do […]

by Hank Berkley
Contributing editor


Risky business

No matter the type of organization in which you work, technologies that are embedded in your business pose a constant danger. Whether the technologies are obvious, such as computer servers or process control systems, or less apparent, such as scales in a rail yard, protecting them from cyber risks should be high on your list of priorities. But cyber security must be applied appropriately. Your goal should be to apply the right amount of effort to protect your company’s assets (including your reputation and ability to operate) based on their […]

by Hank Berkley
Contributing editor


Cyber strategy: Why the “why” is so important to your success

Does your organization know what “right” looks like for your cyber security? In 2003 J.M. Anderson wrote that the metric of cyber security success for a company is often thought to be “nothing bad has happened” … however, how can you be sure about that? Even the most battle-hardened CIO and CISO know that it’s hard to ever be 100% sure that nothing bad has happened; better to plan and exercise for the worst. A better definition of success, then, is “a well-informed sense of assurance that… risks and controls […]

by Dr. Dawn Dunkerley


Why your cyber security investments don’t yield success in your organization

As cyber events continue to occur globally and at an alarmingly increasing rate, many organizations are investing more time and effort towards mitigating their cyber risk. However, many of these organizations continue to suffer the negative effects of cyber events and wonder why the expensive technical solutions they put in place didn’t protect them. The simple reason is that technical solutions, while important, do not mean that the organization is “wired” for cyber security success. Simply put, wiring is the glue that holds an organization together; it is the combination […]

by Dr. Dawn Dunkerley
