WTCBN International Cyber Security Event Recap

On Thursday, February 28, WTCBN held a seminar on Cyber Security for Manufacturers. Bill Palisano from Lincoln Archives/LACyber and Reggie DeJean from Lawley Insurance educated attendees on data security risks, mitigations, requirements and coverages for companies doing business internationally. Following an excellent program, with an awful lot of information shared, we asked Bill and Reggie to give us their Top 3 takeaways from the program:

*** 

William Palisano, President – Lincoln Archives / LACyber

While updating current statistics relating to cyber defenses, breaches, and threat vectors for manufacturers and supply chain partners, I was shocked by the following current stats:

According to Bomgar/BeyondTrust (www.beyondtrust.com), a leader in secure access solutions, a 2017 survey of 608 IT professionals found:

  • On average, 181 vendors are granted access to a company's network in a given week. This is more than double the number from 2016.
  • 67 percent have already experienced a data breach that was either definitely (35 percent) or possibly (34 percent) linked to a third-party vendor.
  • Two-thirds of respondents said they trust third-party vendors too much.

According to Ponemon Institute’s Data Risk in the Third-Party Ecosystem Third Annual Report, published November 2018 (www.ponemon.org):

  • 59 percent of all (US & UK) respondents confirm that their organizations experienced a data breach caused by one of their third parties.
  • 42 percent of respondents say they had such a data breach in the past 12 months.
  • Only 29 percent of respondents say a third party would contact them about the data breach.
  • Only 12 percent are confident they would learn that their sensitive data was lost or stolen by a 3rd Party vendor.

What does this tell us?

  1. Your vendors and supply chain partners with access to your systems are growing dramatically.
  2. Your vendors and supply chain partners are definitely being targeted (as ‘softer targets’ w/ access to your systems), and definitely growing as threat vectors. Remember: “a chain is only as strong as its weakest link.”
  3. Discovery of, organizing and managing your 3rd Party Vendors and supply chain partners (Risk!), is Mandatory!

Ronald Reagan had a great adage: “Trust, but verify.” It definitely fits here.

*** 

Reggie DeJean, Specialty Insurance Director – Lawley

Three Important Things to Understand When Considering Cybersecurity

1. One click, that’s it. It only takes one employee to fall for a well-crafted, fake website or email. Just a small amount of data is enough for today’s cyber criminals to gain access to your information and do major damage to your company. From holding your data hostage to stealing the personal information of your employees and clients, the impact can be catastrophic.

Having regular employee training on cyber security threats, establishing strong password policies, along with an excellent incident response plan in the event of a data breach, will create a solid foundation, providing you a roadmap to follow to help manage cyber-attacks.

2. You can’t let your guard down. If you’ve done all of the above, that’s great -- but it doesn’t end there. Annual training (or more frequent if desired) is ideal as cyber threats are constantly evolving. Be sure to inform your employees of critical issues such as phishing scams as soon as they’re reported.

The next step is routine maintenance of your software. This includes patching and updating regularly.  Antivirus software from five years ago will do little to protect you from the threats of today. Keep in mind, cyber criminals are aware of known issues and will do their best to exploit them before you and/or developers are able to repair them.

3. Be prepared for the worst. There is no such thing as perfect security. When all of your other defenses fail, cybersecurity insurance can be the difference between an attack being a minor inconvenience, or an organization dealing with a disaster. Don’t opt out of coverage that could have saved the day. Legal, forensic, notification, credit monitoring, as well as business interruption costs can add up into the hundreds of thousands of dollars as a result of a cyber-attack.