Data Breaches, Cybersecurity, and the New Normal


By Scott M. Higgins, CISA, CRISC, CRMA, Director, WeiserMazars LLP
& Moises Brito, CPA, CISA, CIPP/US, Manager, WeiserMazars LLP



During the first nine months of 2015, organizations from a range of industries have been affected by
cybersecurity breaches. Just a few of the more famous victims include Anthem Inc., the Internal
Revenue Service (IRS), British Airways, and Ashleymadison.com.

These organizations all have one thing in common: each possesses valuable consumer data such
as names, addresses, credit card numbers, financial institution information, protected health
information, and social security information. In the face of these ongoing threats, it is vital for
businesses of all kinds to have a strategic plan to safeguard their operations.


“This is the new normal,” says S. Gregory Boyd, Partner and Chairman of the Interactive
Entertainment Group at Frankfurt Kurnit Klein & Selz. “Especially for media companies. We’re
seeing regular breaches across the industry both generally and in response to stories, movies, or
other products that an individual or country doesn’t like. All organizations need to be ready for
cybersecurity breaches and do what they can to protect themselves.”

An Effective Strategy

The first step when developing a cybersecurity strategy is to perform a risk assessment. The goal is
to identify security vulnerabilities involving the transaction and storage of sensitive information, and
then allocate resources for protecting that data commensurate with the level of risk involved.

A risk assessment should be performed for each unique application, and the related infrastructure,
that performs transactions and stores data. Each risk assessment should begin with a detailed
understanding of all business use of data and surrounding controls, and include all outsourced
areas, such as payroll, asset custody, or claims processing.

An effective assessment will determine which data is worth protecting (including
personal information of customers and employees, and confidential business and development
plans) and give a clear vision of how to improve security to better protect it.

Says Justin Berman, VP of Information Security at Flatiron Health, “It’s important to really
understand what you are actually protecting. It’s easy to assume that we are all protecting the same
thing, but the truth is that protecting a hedge fund is different than protecting a health care
organization. There are different areas that need attention and different approaches that need to be
taken based on the organization’s specific data profile.”

18 Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
